IdentityServer / IdentityServer3

OpenID Connect Provider and OAuth 2.0 Authorization Server Framework for ASP.NET 4.x/Katana
https://identityserver.github.io/Documentation/
Apache License 2.0

Call the Login screen after a period of 20 minutes. #3394

Closed alvpaz closed 7 years ago

alvpaz commented 7 years ago

In the server project, the client is configured this way:

   /// <summary>
   /// Static registry of the OAuth 2.0 / OpenID Connect clients that this IdentityServer3 host accepts.
   /// </summary>
   public class Clients
    {
        /// <summary>
        /// Builds the client registrations handed to IdentityServer at start-up.
        /// </summary>
        /// <returns>A sequence holding the single "system-fornecedor" implicit-flow client.</returns>
        public static IEnumerable<Client> GetClients()
        {
            var supplierClient = new Client
            {
                ClientId = "system-fornecedor",
                ClientName = "System Fornecedor",

                // Implicit flow: tokens come back on the front channel (redirect), no client secret involved.
                Flow = Flows.Implicit,
                RequireConsent = false,
                LogoutSessionRequired = true,
                AccessTokenType = AccessTokenType.Jwt,

                // IdentityServer3 expresses this lifetime in seconds. It only bounds how long the
                // access token is valid for API / userinfo calls; it does not end the browser session
                // at the client or at IdentityServer.
                AccessTokenLifetime = 10,

                AllowedScopes = new List<string>
                {
                    "openid",
                    "profile",
                    "email",
                    "roles",
                    "all_claims",

                    // NOTE(review): the implicit grant does not issue refresh tokens (RFC 6749, section 4.2),
                    // so this scope appears to be unused here. Confirm, and remove it to keep the
                    // allowed scope list minimal.
                    "offline_access"
                },

                // Redirect targets must match the URI sent by the client exactly, trailing slash included.
                RedirectUris = new List<string>
                {
                    "https://localhost:44393/Fornecedor/",
                },
                PostLogoutRedirectUris = new List<string>
                {
                    "https://localhost:44393/Fornecedor/",
                },
            };

            return new[] { supplierClient };
        }
    }

In the client project the startup class is configured like this:


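/// <summary>
/// OWIN start-up class of the client web application: wires a local cookie session to an
/// OpenID Connect sign-in against the IdentityServer authority.
/// </summary>
public class Startup
{
    /// <summary>
    /// Registers the cookie and OpenID Connect authentication middleware on the OWIN pipeline.
    /// </summary>
    /// <param name="app">The OWIN application builder supplied by the host.</param>
    public void Configuration(IAppBuilder app)
    {
        // Keep the short JWT claim names ("sub", "name", "role", ...) instead of the handler's default mapping.
        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

        // NOTE(review): anti-forgery tokens get bound to this claim. "name" is not guaranteed to be
        // unique per user or even present; the subject claim ("sub") is the stable identifier - consider using it.
        AntiForgeryConfig.UniqueClaimTypeIdentifier = IdentityModel.JwtClaimTypes.Name;

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies",

            // Local session lifetime. These two settings are only honoured when UseTokenLifetime is
            // set to false on the OpenID Connect options below; otherwise the id_token lifetime wins.
            //ExpireTimeSpan = TimeSpan.FromSeconds(10),
            //SlidingExpiration = true,
        });

        var clientId = "system-fornecedor";
        var authority = "https://localhost:44329/login/core/";
        var redirectUri = "https://localhost:44393/Fornecedor/";

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,

            // The Katana OpenID Connect middleware defaults UseTokenLifetime to true, which ties the
            // cookie session to the id_token lifetime (not to the access token lifetime). Set it to
            // false to let the cookie middleware's ExpireTimeSpan / SlidingExpiration decide instead.
            // NOTE(review): when the local cookie expires while the IdentityServer login session is
            // still alive, the user is signed in again silently; forcing the login screen needs
            // prompt=login / max_age on the authorize request or a shorter server-side session - confirm
            // which behaviour is wanted.
            //UseTokenLifetime = false,
            ResponseType = "id_token token",
            Scope = "openid profile email roles all_claims",

            TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "role"
            },

            SignInAsAuthenticationType = "Cookies",

            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                // Runs after the id_token has been validated: replaces the identity with one built
                // from the userinfo endpoint plus the tokens the application needs later.
                SecurityTokenValidated = async n =>
                {
                    var nid = new ClaimsIdentity(
                        n.AuthenticationTicket.Identity.AuthenticationType,
                        "name",
                        "role");

                    // get userinfo data
                    // The authority may be configured with a trailing slash (it is above); trim it so
                    // the endpoint path does not end up with a doubled "//".
                    var userInfoEndpoint = new Uri(n.Options.Authority.TrimEnd('/') + "/connect/userinfo");
                    var userInfoClient = new UserInfoClient(userInfoEndpoint, n.ProtocolMessage.AccessToken);

                    var userInfo = await userInfoClient.GetAsync();
                    foreach (var ui in userInfo.Claims)
                    {
                        nid.AddClaim(new Claim(ui.Item1, ui.Item2));
                    }

                    // keep the id_token for logout
                    nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));

                    // add access token for sample API
                    // Both tokens are stored as claims of the cookie identity: treat the cookie as a
                    // bearer credential and keep token lifetimes short.
                    nid.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));

                    // keep track of access token expiration
                    // Written as a culture-invariant ISO 8601 UTC timestamp so the value parses the
                    // same way regardless of the thread culture that later reads the cookie.
                    var invariant = System.Globalization.CultureInfo.InvariantCulture;
                    var expiresAt = DateTimeOffset.UtcNow.AddSeconds(int.Parse(n.ProtocolMessage.ExpiresIn, invariant));
                    nid.AddClaim(new Claim("expires_at", expiresAt.ToString("o", invariant)));

                    // add some other app specific claim
                    nid.AddClaim(new Claim("app_specific", "some data"));

                    n.AuthenticationTicket = new AuthenticationTicket(
                        nid,
                        n.AuthenticationTicket.Properties);
                },

                // On sign-out, pass the stored id_token as id_token_hint so the provider can identify
                // the session and honour the post-logout redirect.
                RedirectToIdentityProvider = n =>
                {
                    if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                    {
                        var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");

                        if (idTokenHint != null)
                        {
                            n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                        }
                    }

                    return Task.FromResult(0);
                },
            }
        });
    }
}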

I have researched a lot, but I cannot find a way to automatically log the client out and redirect to the login screen. What am I doing wrong?

Please, somebody help me.

j-hurst commented 7 years ago

I had a similar question back in May; this might help you: #2921. I wanted to log the user out after a period of time.

Based on what I have implemented, you will end up having to keep track of the time and make that logout call yourself though.

Hope it helps. Good luck!

brockallen commented 7 years ago

This seems to be a general question about IdentityServer - not a bug report or an issue.

Please use StackOverflow for that. This has the advantage that questions and answers can be easily found by search engines, and that there are more people answering questions than just us.

For IdentityServer3 https://stackoverflow.com/questions/tagged/?tagnames=identityserver3&sort=newest

For IdentityServer4 https://stackoverflow.com/questions/tagged/?tagnames=identityserver4&sort=newest

For commercial support https://identityserver.io/