oidcproxydotnet / OidcProxy.Net

An extendible framework for .NET to implement the BFF Security Pattern (a.k.a. Token Handler Pattern) in Single Page Applications
GNU Lesser General Public License v3.0

No means to provide a redirect url after ending the session #173

Open jusefb opened 3 months ago

jusefb commented 3 months ago

Description

First of all thanks for a great library, I have managed to implement BFF in my app using it, keep up the great work. I am just having one issue with the logout procedure. Currently, there appears to be no way to specify a redirect URL after ending a session in OidcProxy.Net. This functionality is crucial for a seamless user experience, allowing users to be redirected to a specified page after they log out. I am using Auth0 with Angular 17.

Expected Behavior

After a user ends their session using the /.auth/end-session endpoint, the application should redirect them to a pre-defined URL. This is typically handled by providing a post_logout_redirect_uri parameter in the logout request.

Current Behavior

There is no parameter or method documented or available in OidcProxy.Net that supports specifying a redirect URL post-logout. When a session is ended, the user is not redirected, impacting the user flow and experience.

Possible Solution

Implement an option to specify a post_logout_redirect_uri as part of the logout process. This could be a configuration in the startup settings or as part of the logout URL query parameters.

Steps to Reproduce

appie2go commented 3 months ago

Hi there,

Thanks for your feedback. I believe this issue is a duplicate of https://github.com/oidcproxydotnet/OidcProxy.Net/issues/123

Can you let me know if this provides a solution for you?

Thanks,

Albert

jusefb commented 3 months ago

Thank you for pointing at the above issue, however, I don't see any way of providing a post redirect URL when using Auth0Proxy. Also, in the provided example you pass "options" to the method, and I can't seem to be able to figure out what object is expected in this options parameter: `o.RegisterIdentityProvider<IIdentityProvider, OpenIdConnectProviderWithRedirectUrl>(options);`

I have tried to do this but I can't figure out how to correctly set the options parameter:

```csharp
var authConfig = configuration
    .GetSection("OidcProxy")
    .Get<Auth0ProxyConfig>();

builder.Services.AddAuth0Proxy(authConfig, o =>
{
    o.RegisterIdentityProvider<IIdentityProvider, Auth0ProviderWithRedirectUrl>(options);
});

public class Auth0ProviderWithRedirectUrl : Auth0IdentityProvider
{
    public Auth0ProviderWithRedirectUrl(ILogger logger, IMemoryCache cache, HttpClient client, Auth0Config config) : base(logger, cache, client, config)
    {
    }

    protected override Task<Uri> BuildEndSessionUri(string? idToken, string redirectUri)
    {
        var goHereInstead = $"{redirectUri}dashboard";
        return base.BuildEndSessionUri(idToken, goHereInstead);
    }
}
```

Additionally, if I try to use Oidc Provider with Auth0, I cannot provide "Audience" to the Oidc configuration, which breaks that integration with the API that requests are being proxied to.
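Added example, not part of the thread and not OidcProxy.Net code: a standalone C# sketch of the post-logout redirect discussed above, using the standard OpenID Connect RP-initiated logout parameters `post_logout_redirect_uri` and `id_token_hint`. It resolves a requested landing page against the application's own base URI (instead of concatenating strings) and falls back to the base URI when the target leaves the origin or is not allowlisted, which matters if the target ever comes from a query parameter. The class name, the allowlist and the host names are hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example: standalone helper, not part of OidcProxy.Net.
public static class PostLogoutRedirect
{
    // Hypothetical allowlist of landing paths the app accepts after logout.
    private static readonly HashSet<string> AllowedPaths =
        new HashSet<string>(StringComparer.Ordinal) { "/", "/dashboard", "/signed-out" };

    // Resolves the requested landing page against the app's base URI.
    // Returns the base URI when the result is off-origin or not allowlisted.
    public static Uri Resolve(Uri appBase, string? requested)
    {
        if (string.IsNullOrWhiteSpace(requested)) return appBase;
        if (!Uri.TryCreate(appBase, requested, out var candidate)) return appBase;

        var sameOrigin = candidate.Scheme == appBase.Scheme
            && candidate.Host.Equals(appBase.Host, StringComparison.OrdinalIgnoreCase)
            && candidate.Port == appBase.Port;

        return sameOrigin && AllowedPaths.Contains(candidate.AbsolutePath) ? candidate : appBase;
    }

    // Builds an RP-initiated logout URL; id_token_hint is sent only when a token is present.
    public static Uri BuildEndSessionUri(Uri endSessionEndpoint, string? idToken, Uri postLogoutRedirect)
    {
        var query = "post_logout_redirect_uri=" + Uri.EscapeDataString(postLogoutRedirect.AbsoluteUri);
        if (!string.IsNullOrEmpty(idToken))
            query = "id_token_hint=" + Uri.EscapeDataString(idToken) + "&" + query;
        return new UriBuilder(endSessionEndpoint) { Query = query }.Uri;
    }

    public static void Main()
    {
        var appBase = new Uri("https://app.example.test/");             // constructed
        var endpoint = new Uri("https://idp.example.test/oidc/logout"); // constructed
        var samples = new string?[]
        {
            "dashboard", "//other.example.test/", "https://other.example.test/dashboard", null
        };
        foreach (var requested in samples)
        {
            var target = Resolve(appBase, requested);
            var url = BuildEndSessionUri(endpoint, "constructed.id.token", target);
            Console.WriteLine($"{requested ?? "(none)"} -> {url}");
        }
    }
}
```

Only the first sample keeps its requested target; the other three fall back to the application base URI. The identity provider must also have the resulting URI registered as an allowed logout URL, otherwise it will reject the redirect.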

appie2go commented 2 months ago

Hi,

Sorry for the late reply, I was traveling.

I see. I will see if I can include your example in the auth0 demo because I believe it's a valid case. I'll see if I can make that happen before the end of the month.

Cheers, and thanks again for your feedback,