
I have a legacy ASP.NET MVC (Owin) website using the latest OpenIdConnect library, and a .NET Core 3.1 MVC Identity Server app running the latest Identity Server package.

I need to pass a custom parameter to Identity Server at logout (the use case is that I need to display a different "logout reason" message depending on how the logout was initiated on the client). So I'm intercepting the `OpenIdRequestType.Logout` notification and setting a custom parameter via `n.ProtocolMessage.SetParameter("some_key", "SomeValue")`, and I can see that the `Parameters` dictionary has the new value in it. But when the Logout post to my Identity Server comes in, the `LogoutRequest.Parameters` collection is empty.

    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        RedirectToIdentityProvider = async n =>
        {
            switch (n.ProtocolMessage.RequestType)
            {
                case OpenIdConnectRequestType.Logout:
                    n.ProtocolMessage.SetParameter("some_key", "SomeValue");
                    break;
    ...

On the Identity Server side, I'm calling

    var logout = await _interaction.GetLogoutContextAsync(logoutId);

and finding that `logout.Parameters` is empty.

I found this SO question that suggests that the oidc-client JavaScript library can handle adding additional parameters that will show up in the `LogoutRequest` object, so I'm guessing it's possible and I'm just missing something simple. Any ideas would be appreciated.

Mr. T
  • Can you check at the HTTP level whether those are being sent to IdSvr in the query string? Feel free to post a snapshot of the network tab in the browser. – nahidf Sep 02 '20 at 21:24
  • Also I should say, you are on the right track: setting a parameter in `RedirectToIdentityProvider` does the same thing that `extraqueryparameters` does in oidc-client. Both add a parameter to the query string when redirecting back to IdSvr. – nahidf Sep 02 '20 at 21:27
  • @nahidf I checked the network tab and, in fact, the parameter is added to the `connect/endsession` query string, but it seems to disappear after that - the call to the `logout` endpoint in my controller that takes a `logoutId` doesn't have the parameter in the query string, and when I call `GetLogoutContextAsync(logoutId)`, the `Parameters` property remains empty. I wonder if this is a bug in Identity Server? – Mr. T Sep 03 '20 at 15:07
  • Confirmed as a bug in IdentityServer 4, looks like it's slated for the 4.1 release. https://github.com/IdentityServer/IdentityServer4/issues/4824#issuecomment-689002139 – Mr. T Sep 09 '20 at 18:15
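
For the Identity Server side of the exchange discussed above, here is an added example (not code from the original post or from the IdentityServer project) of reading the logout parameter and turning it into a displayed reason. It assumes an IdentityServer4 build in which `LogoutRequest.Parameters` is populated; the controller name, `ResolveReason`, the `idle_timeout` code and the message texts are hypothetical. Because the end-session query string is supplied by the browser, the value is matched against a fixed allowlist rather than rendered as received.

```csharp
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Threading.Tasks;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Mvc;

// Hypothetical controller; assumes an IdentityServer4 build in which
// LogoutRequest.Parameters is populated from the end-session query string.
public class LogoutController : Controller
{
    private const string ReasonKey = "some_key";   // parameter name used in the question
    private const string DefaultMessage = "You have been signed out.";

    // Constructed allowlist: reason code -> fixed message. Only these strings are rendered.
    private static readonly IReadOnlyDictionary<string, string> ReasonMessages =
        new Dictionary<string, string>
        {
            ["SomeValue"] = "You were signed out at your request.",
            ["idle_timeout"] = "You were signed out after a period of inactivity.",
        };

    private readonly IIdentityServerInteractionService _interaction;

    public LogoutController(IIdentityServerInteractionService interaction)
        => _interaction = interaction;

    [HttpGet]
    public async Task<IActionResult> Logout(string logoutId)
    {
        var logout = await _interaction.GetLogoutContextAsync(logoutId);
        ViewData["LogoutReason"] = ResolveReason(logout?.Parameters);
        return View();
    }

    // The query string is client-controlled, so the raw value is never echoed.
    public static string ResolveReason(NameValueCollection parameters)
    {
        // GetValues returns null when the key is absent; the indexer would
        // comma-join repeated keys, so require exactly one value.
        var values = parameters?.GetValues(ReasonKey);
        if (values == null || values.Length != 1) return DefaultMessage;

        return ReasonMessages.TryGetValue(values[0], out var message)
            ? message
            : DefaultMessage;
    }
}
```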

0 Answers