I have an ASP.NET Core 6.0 MVC app which authenticates with our Duende IdentityServer (v6.2.3). When I want to log out of IdentityServer, it states that you must call the end session endpoint. One of the params is id_token, which is needed so it can determine the client. The thing is, I don't get an id_token when authenticating, so how can I get this? Appreciate any help.

The client is configured with the 'authorization_code' grant type in IdentityServer, and the OpenIdConnect ResponseType option is set to "code". I've tried changing this to 'code id_token', but this results in an error.

doogdeb
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Jun 01 '23 at 10:35
  • How did you log out? Can you provide a [minimal reproducible example](https://stackoverflow.com/help/minimal-reproducible-example)? [Documentation](https://docs.duendesoftware.com/identityserver/v5/ui/logout/session_cleanup/) shows that you can directly use `await HttpContext.SignOutAsync();` to log out, no `id_token` required. – Chen Jun 02 '23 at 09:15

2 Answers

You should always receive an ID token after authenticating the user if you ask for the openid scope and the response mode is response_type=code.

Perhaps the ID token is not persisted properly (i.e. remembered) after authentication?

Tore Nestenius

I didn't realise that the id_token was contained within the authentication ticket in the cookie. I just added this bit of code to retrieve it.

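```csharp
// Requires: using Microsoft.AspNetCore.Authentication;
var httpContext = _contextAccessor.HttpContext;
if (httpContext == null)
    return null; // no current request, so there is no ticket to read

// Re-read the authentication ticket from the cookie; saved tokens sit under ".Token.<name>" keys.
var properties = (await httpContext.AuthenticateAsync()).Properties?.Items;

if (properties != null && properties.TryGetValue(".Token.id_token", out var token))
    return token;

return null;
```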
doogdeb
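
An added example, not code from either answer: a minimal ASP.NET Core 6 `Program.cs` showing where the id_token in the ticket comes from and how sign-out uses it. With `SaveTokens = true` the OpenID Connect handler stores the tokens in the cookie ticket, and on sign-out it sends the stored id_token as `id_token_hint` to the end session endpoint. The authority URL, client id, configuration key and `/logout` route are placeholders and assumptions.

```csharp
// Program.cs (ASP.NET Core 6). Added example; needs the
// Microsoft.AspNetCore.Authentication.OpenIdConnect NuGet package.
using Microsoft.AspNetCore.Authentication;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllersWithViews();

builder.Services.AddAuthentication(options =>
    {
        options.DefaultScheme = "Cookies";
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie("Cookies")
    .AddOpenIdConnect("oidc", options =>
    {
        options.Authority = "https://identityserver.example.test";         // placeholder
        options.ClientId = "mvc-client";                                    // placeholder
        options.ClientSecret = builder.Configuration["Oidc:ClientSecret"]; // hypothetical key
        options.ResponseType = "code"; // authorization code flow, as in the question
        options.SaveTokens = true;     // keep id_token etc. in the ticket as ".Token.<name>"
    });

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical logout route: signs out locally and at the identity provider.
app.MapGet("/logout", async (HttpContext ctx, ILogger<Program> log) =>
{
    // Same value the answer above reads from Properties.Items[".Token.id_token"].
    var idToken = await ctx.GetTokenAsync("id_token");
    if (idToken is null)
        log.LogWarning("No id_token in the ticket; no id_token_hint will be sent on sign-out.");

    // "Cookies" clears the local session; "oidc" redirects to the end session
    // endpoint and attaches the saved id_token as id_token_hint.
    return Results.SignOut(
        new AuthenticationProperties { RedirectUri = "/" },
        new[] { "Cookies", "oidc" });
});

app.MapDefaultControllerRoute();
app.Run();
```

Storing tokens in the ticket makes the authentication cookie larger and puts the tokens inside it, so the cookie should stay `HttpOnly` and `Secure`.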