DuendeSoftware / Support

Support for Duende Software products

Pass a session end message to login form #1248

Closed MH61Aus closed 3 months ago

MH61Aus commented 3 months ago

Which version of Duende IdentityServer are you using?

7.0.3

Which version of .NET are you using?

8

Describe the bug

Question... and I realize this has more to do with the OIDC library than Duende, but I feel like this could be included in the samples/etc.

When I'm in the cookie event handler of a client and force signout because back channel logout was completed, or because the session was terminated (session inactivity detected), my client appropriately responds by sending the user back to the login page on the identity server. It would be nice if I could add a message to the model state here saying something like "your session has ended, please log in again", since the user receives no explanation as to why they are back at the login page.

But I can't figure out how/where to pass this through. I tried calling ChallengeAsync straight after the signout, and passing it auth properties with some parameters, but I'm not seeing this at the login page.

I noticed that the back channel logout and session management samples have a home page that is not secured, so when you are logged out you are sent to the home page instead of the login page, whereas the quickstarts secure the home page, so the first thing you see when loading the website (and after signout) is the login page... Not sure if this is deliberately different to illustrate that users should be sent back to a home page in such a scenario. It would be nice to see something baked into the samples, as I feel this is a pretty standard use case.

RolandGuijt commented 3 months ago

You could handle the OnRedirectToIdentityProvider event in the handler. Something like this:

        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, b =>
        {
            ..
            b.Events = new OpenIdConnectEvents
            {
                // Runs just before the browser is redirected to the authorize endpoint,
                // so a parameter set here ends up in the authorization request.
                OnRedirectToIdentityProvider = context =>
                {
                    context.ProtocolMessage.SetParameter("acr_values", "somevalue");
                    return Task.CompletedTask;
                }
            };
        });

To read the value on IdentityServer in the login page/action you can do this:

            // Returns null when returnUrl is not a valid authorize request, so guard the access.
            var context = await _interaction.GetAuthorizationContextAsync(returnUrl);
            var values = context?.AcrValues;

Where _interaction is an object that can be resolved with the IIdentityServerInteractionService interface from DI. Thanks for your suggestion to add an example for this. I'll see if I can add that.
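A fuller version of the acr_values hand-off sketched above, added here as an example; it is not code from the thread or from Duende's samples. The item key "login_reason", the reason tokens, the "login_reason:" prefix and the class names are assumptions; the thread itself only shows "somevalue".

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
// Client side. Called where the app decides the session is over (e.g. after a recorded
// back-channel logout): clear the local cookie, then challenge with a marker in Items.
// "login_reason" and the reason tokens are assumed names, not from the thread.
public static class SessionEnded
{
    public static async Task SignOutAndReauthenticateAsync(HttpContext http, string reason)
    {
        await http.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        var props = new AuthenticationProperties { RedirectUri = "/" };
        props.Items["login_reason"] = reason; // e.g. "session_expired" or "backchannel_logout"
        await http.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, props);
    }

    // Assign to b.Events inside .AddOpenIdConnect(...). The marker is copied into acr_values
    // only when present, so ordinary logins are unaffected. The prefix keeps it distinct from
    // real ACR levels; IdentityServer only treats the idp: and tenant: prefixes specially.
    public static readonly OpenIdConnectEvents Events = new()
    {
        OnRedirectToIdentityProvider = context =>
        {
            if (context.Properties.Items.TryGetValue("login_reason", out var reason) && reason != null)
                context.ProtocolMessage.SetParameter("acr_values", "login_reason:" + reason);
            return Task.CompletedTask;
        }
    };
}

// IdentityServer side. acr_values is supplied by the client and reaches the login page
// unverified, so only an allow-list of tokens maps to text; the raw value is never rendered.
public static class LoginReasonMessages
{
    private static readonly Dictionary<string, string> Known = new()
    {
        ["session_expired"] = "Your session ended due to inactivity. Please log in again.",
        ["backchannel_logout"] = "You were signed out of another application. Please log in again.",
    };
    public static string? Resolve(IEnumerable<string>? acrValues) =>
        (acrValues ?? Enumerable.Empty<string>())
            .Where(v => v.StartsWith("login_reason:"))
            .Select(v => Known.TryGetValue(v["login_reason:".Length..], out var m) ? m : null)
            .FirstOrDefault(m => m != null);
}
```

In the login page or action, pass `(await _interaction.GetAuthorizationContextAsync(returnUrl))?.AcrValues` to `LoginReasonMessages.Resolve` and show the returned text, if any, in the view.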

MH61Aus commented 3 months ago

Thanks for the response - I couldn't quite get this working, but I'm side-tracked with other work. I'll try to revisit it soon and add my solution when I'm done.

RolandGuijt commented 3 months ago

OK, I'm closing this for now. Should you have problems during the revisit, feel free to reopen.