Open Matheos96 opened 3 days ago
The logout page might require the cookie for cleanup and logout notifications. The browser cannot be skipped.
You could always create your own programmatic & proprietary logout endpoint if you think that is sufficient for your environment.
Right, yeah. Did not consider cookies. And yes, I can always make my own override of course
This came to mind earlier today at work. I realized it is a bit bothersome having to ensure that the
LogoutAsync
function is run on a UI Thread in case we have given an IBrowser that for example uses Winforms. I think that logout actions could be quite simply "logout and forget" as I don't often personally care about a redirect etc at that point.I see that the method is virtual so technically I could create my own override, but would it be wise to either give the default implementation a parameter to somehow avoid the IBrowser use altogether, or create a new
LogoutAndForgetAsync
(bad name) which would simply use anHttpClient
or something to make a single request for the logout (+ whatever oidcclient cleanup needs to be done)?