Closed KhandelwalMayur28 closed 1 month ago
We don't support calling UseIdentityServer like that. It should be called directly on the WebApplication (app) object.
What are you trying to achieve? Do you want to run IdentityServer beneath a path?
If so: We do not generally recommend to host the IdentityServer beneath a path. The security model for cookie isolation works better if IdentityServer is hosted on a separate host.
The security model for cookies relies on the host being the security boundary. A cookie with a path will only be sent with requests related to that path, but it is still possible for any page/endpoint on the same host to set and overwrite cookies on that path. The same is not true for different hosts. Only the specific host can set a cookie that applies to that host.
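The cookie behaviour described in the comment above, as an added example that is not part of the original thread or of Duende's code: a small JavaScript model of the RFC 6265 storage and matching rules. The host names, the `/core` path and the cookie name are constructed sample values, and the two hosts are assumed not to share a parent domain.

```javascript
// Minimal model of RFC 6265 cookie storage/matching (added example, not project code).
// Host names, the /core path and the cookie name are constructed sample values.
class CookieJar {
  constructor() { this.store = new Map(); } // key: name|domain|path
  // The request host must equal the Domain attribute or be a subdomain of it.
  static domainMatch(host, domain) {
    return host === domain || host.endsWith("." + domain);
  }

  // RFC 6265 section 5.1.4 path-match.
  static pathMatch(reqPath, cookiePath) {
    if (reqPath === cookiePath) return true;
    if (!reqPath.startsWith(cookiePath)) return false;
    return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
  }

  // Process a Set-Cookie from a response for `url`. The Path attribute is
  // stored as given: it is never checked against the responding URL's path.
  setCookie(url, { name, value, path, domain }) {
    const { hostname, pathname } = new URL(url);
    if (domain && !CookieJar.domainMatch(hostname, domain)) return false;
    const defaultPath = pathname.slice(0, pathname.lastIndexOf("/")) || "/";
    const c = { name, value, domain: domain || hostname, hostOnly: !domain, path: path || defaultPath };
    this.store.set(`${name}|${c.domain}|${c.path}`, c); // same key: overwrite
    return true;
  }

  // Cookies a browser would attach to a request for `url`.
  cookiesFor(url) {
    const { hostname, pathname } = new URL(url);
    return [...this.store.values()]
      .filter(c => c.hostOnly ? hostname === c.domain
                              : CookieJar.domainMatch(hostname, c.domain))
      .filter(c => CookieJar.pathMatch(pathname, c.path))
      .map(c => `${c.name}=${c.value}`);
  }
}

function demo() {
  const jar = new CookieJar();
  const idp = "https://site.example/core/login", app = "https://site.example/app/page";
  jar.setCookie(idp, { name: "session", value: "legit", path: "/core" });
  const sentToApp = jar.cookiesFor(app);                    // path scoping holds
  const sameHostOk = jar.setCookie(app, { name: "session", value: "replaced", path: "/core" });
  const sentToIdp = jar.cookiesFor(idp);                    // overwritten value
  const otherHostOk = jar.setCookie("https://other.example/",
    { name: "session", value: "x", path: "/core", domain: "site.example" });
  return { sentToApp, sameHostOk, sentToIdp, otherHostOk };
}
```

The path only limits where the cookie is sent; the write from `/app/page` is accepted and replaces the value, while the write from `other.example` is rejected.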
@KhandelwalMayur28 Do you have anything to add to this issue? If not I'd like to close it.
It was working in Identity Server 3 and I am upgrading it to the latest version of Duende. So, I expected it should work in the latest version.
I have removed the Core from the URL and it is working now.
Which version of Duende IdentityServer are you using? 7.0.7
Which version of .NET are you using? net8.0
Describe the bug
The signout method is not working when we use IdentityServer and Authorization with Map.
To Reproduce
Steps to reproduce the behavior.
Use IdentityServer and Authorization with Map.
Change LoginUrl and LogoutUrl
The above changes call the logout method, but it doesn't sign out the user and the user is still logged in.
I also tried the following - await HttpContext.SignOutAsync("idsrv");
And when I removed the Map, the SignOut method is working properly with await HttpContext.SignOutAsync();
Expected behavior
The SignOut method should log out the user with Map also.