public override async Task ApplyLogoutResponse([NotNull] ApplyLogoutResponseContext context) { var options = (OpenIddictServerOptions)context.Options; // Note: as this stage, the request associated with the context may be null if an error // occurred very early in the pipeline (e.g an invalid HTTP verb was used by the caller). // Remove the logout request from the distributed cache. if (options.EnableRequestCaching && !string.IsNullOrEmpty(context.Request?.RequestId)) { // Note: the cache key is always prefixed with a specific marker // to avoid collisions with the other types of cached requests. var key = OpenIddictConstants.Environment.LogoutRequest + context.Request.RequestId; // Note: the ApplyLogoutResponse event is called for both successful // and errored logout responses but discrimination is not necessary here, // as the logout request must be removed from the distributed cache in both cases. await options.Cache.RemoveAsync(key); } if (!options.ApplicationCanDisplayErrors && !string.IsNullOrEmpty(context.Error) && string.IsNullOrEmpty(context.PostLogoutRedirectUri)) { // Determine if the status code pages middleware has been enabled for this request. // If it was not registered or enabled, let the OpenID Connect server middleware render // a default error page instead of delegating the rendering to the status code middleware. var feature = context.HttpContext.Features.Get <IStatusCodePagesFeature>(); if (feature != null && feature.Enabled) { // Replace the default status code by a 400 response. context.HttpContext.Response.StatusCode = 400; // Mark the request as fully handled to prevent the OpenID Connect server middleware // from displaying the default error page and to allow the status code pages middleware // to rewrite the response using the logic defined by the developer when registering it. context.HandleResponse(); return; } } await _eventService.PublishAsync(new OpenIddictServerEvents.ApplyLogoutResponse(context)); }
public override async Task ApplyLogoutResponse([NotNull] ApplyLogoutResponseContext context) { var services = context.HttpContext.RequestServices.GetRequiredService <OpenIddictServices <TApplication, TAuthorization, TScope, TToken> >(); // Remove the logout request from the distributed cache. if (services.Options.EnableRequestCaching && !string.IsNullOrEmpty(context.Request.RequestId)) { // Note: the cache key is always prefixed with a specific marker // to avoid collisions with the other types of cached requests. var key = OpenIddictConstants.Environment.LogoutRequest + context.Request.RequestId; // Note: the ApplyLogoutResponse event is called for both successful // and errored logout responses but discrimination is not necessary here, // as the logout request must be removed from the distributed cache in both cases. await services.Options.Cache.RemoveAsync(key); } if (!context.Options.ApplicationCanDisplayErrors && !string.IsNullOrEmpty(context.Response.Error) && string.IsNullOrEmpty(context.Response.PostLogoutRedirectUri)) { // Determine if the status code pages middleware has been enabled for this request. // If it was not registered or enabled, let the OpenID Connect server middleware render // a default error page instead of delegating the rendering to the status code middleware. var feature = context.HttpContext.Features.Get <IStatusCodePagesFeature>(); if (feature != null && feature.Enabled) { // Replace the default status code by a 400 response. context.HttpContext.Response.StatusCode = 400; // Mark the request as fully handled to prevent the OpenID Connect server middleware // from displaying the default error page and to allow the status code pages middleware // to rewrite the response using the logic defined by the developer when registering it. context.HandleResponse(); } } }