Closed SeminDM closed 3 years ago
The OAuth2 spec doesn't define a sign-out mechanism, that was first included in the OpenIdConnect spec.
Looking at google's OIDC docs there's no mention of them supporting the OIDC signout flow.
I see you're doing a lot of development with the Microsoft.Owin libraries lately. Have you looked at using ASP.NET Core instead? That's recommended for new development.
Is it mean if I want to support SSO and SLO by Google I have to use "not-OIDC" library?
I work on big monolith application which use Asp.net MVC5. We plan to migrate Asp.net Core in the future.
That's a question for Google, but I don't see any indication they support SLO on any protocol.
@Tratcher ok. Thank you very much for your help!
Hello! I try to support authentication by Google in my app.
First time I called GoogleOAuth2AuthenticationMiddleware but GoogleOAuth2AuthenticationHandler doesn't override parent method which performs sign-out.
I try to use OpenIdConnectAuthenticationMiddleware. Sign-in works fine but sign-out doesn't work. Configuration manager doesn't set EndSessionEndpoint property for
OpenIdConnectConfiguration
and therefore redirectUri has no host.GoogleOAuth2AuthenticationMiddleware
doesn't support sign-out. OpenId Connect supports logout, doesn't it?EndSessionEndpoint
manually but I don't know right value. Could you adviseEndSessionEndpoint
for Google?Thank you!