在AspNet.Security.OpenIdConnect.Server
中,用于注销端点的逻辑留作练习。
在此示例中,它是使用 MVC 6 控制器实现的,您当然可以在其中自由添加自定义逻辑以从 Redis 服务器中删除缓存的详细信息。
[HttpPost("~/connect/logout")]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Logout() {
// When invoked, the logout endpoint might receive an unauthenticated request if the server cookie has expired.
// When the client application sends an id_token_hint parameter, the corresponding identity can be retrieved using AuthenticateAsync.
var identity = await HttpContext.Authentication.AuthenticateAsync(OpenIdConnectServerDefaults.AuthenticationScheme);
// Remove the cached details here. If you need to determine
// who's the authenticated user, you can use the identity variable.
// Remove the authentication cookie and return the user to the client application.
return SignOut("ServerCookie", OpenIdConnectServerDefaults.AuthenticationScheme);
}
您也可以直接从LogoutEndpoint
事件中执行类似的操作。不要忘记调用context.HandleResponse()
以确保请求没有被另一个中间件拦截。