IdentityServer3 token is not removed on logout

2016-07-13

I am using IdentityServer3 and have implemented a custom authorization flow for backwards compatibility with an existing SSO implementation. I am using reference tokens for API authentication. I have implemented ITokenHandleStore and IUserService.

I am able to log in and access my application successfully. The problem is that after I log out, the reference token is still valid.

On logout I call HttpContext.Current.GetOwinContext().Authentication.SignOut(); I also call /connect/endsession?id_token_hint=mYrEfErEnCeToKeN, passing the user's reference token in the query-string parameter.

However, neither the SignOutAsync method in IUserService nor the RemoveAsync method in ITokenHandleStore is ever called. So the token remains in my token database table and is treated as a valid token on subsequent requests, even after the user has logged out.

What is the correct way to log a user out when implementing a custom authorization flow? How do I remove the record from the database token store?

When I call the endsession endpoint, the IdentityServer log shows this:

Sam.Web.MicroServices.IdentityService.vshost.exe Information: 0 : 2016-07-13 04:07:14.835 -04:00 [Information] End access token validation request
Sam.Web.MicroServices.IdentityService.vshost.exe Information: 0 : 2016-07-13 04:09:22.289 -04:00 [Information] Start end session request
Sam.Web.MicroServices.IdentityService.vshost.exe Information: 0 : 2016-07-13 04:09:22.349 -04:00 [Information] Start end session request validation
Sam.Web.MicroServices.IdentityService.vshost.exe Information: 0 : 2016-07-13 04:09:22.412 -04:00 [Information] Start identity token validation
Sam.Web.MicroServices.IdentityService.vshost.exe Error: 0 : 2016-07-13 04:09:22.581 -04:00 [Error] Malformed JWT token System.ArgumentException: IDX10709: 'jwtEncodedString' is not well formed: '7dc2417fb752d096af2870c46ca8a181'. The string needs to be in compact JSON format, which is of the form: '..'.
   at System.IdentityModel.Tokens.JwtSecurityToken..ctor(String jwtEncodedString) in c:\workspace\WilsonForDotNet45Release\src\System.IdentityModel.Tokens.Jwt\JwtSecurityToken.cs:line 68
   at IdentityServer3.Core.Validation.TokenValidator.GetClientIdFromJwt(String token) in c:\local\identity\server3\Core\source\Core\Validation\TokenValidator.cs:line 347
Sam.Web.MicroServices.IdentityService.vshost.exe Error: 0 : 2016-07-13 04:09:22.648 -04:00 [Error] No clientId supplied, can't find id in identity token.
Sam.Web.MicroServices.IdentityService.vshost.exe Error: 0 : 2016-07-13 04:09:22.701 -04:00 [Error] "Error validating id token hint." "{ \"SubjectId\": \"unknown\", \"Raw\": { \"id_token_hint\": \"7dc2417fb752d096af2870c46ca8a181\" } }"
Sam.Web.MicroServices.IdentityService.vshost.exe Information: 0 : 2016-07-13 04:09:22.753 -04:00 [Information] Redirecting to logout page
Sam.Web.MicroServices.IdentityService.vshost.exe Information: 0 : 2016-07-13 04:09:22.872 -04:00 [Information] Logout endpoint submitted
Sam.Web.MicroServices.IdentityService.vshost.exe Information: 0 : 2016-07-13 04:09:22.944 -04:00 [Information] Clearing cookies
Sam.Web.MicroServices.IdentityService.vshost.exe Information: 0 : 2016-07-13 04:09:23.013 -04:00 [Information] rendering logged out page

When I call the /revocation endpoint, the IdentityServer log shows this:

Sam.Web.MicroServices.IdentityService.vshost.exe Information: 0 : 2016-07-13 04:11:14.822 -04:00 [Information] CORS request made for path: "/connect/revocation" from origin: "chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop"
Sam.Web.MicroServices.IdentityService.vshost.exe Information: 0 : 2016-07-13 04:11:14.864 -04:00 [Information] AllowedOrigins configured and origin "chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop" is not allowed
Sam.Web.MicroServices.IdentityService.vshost.exe Information: 0 : 2016-07-13 04:11:14.906 -04:00 [Information] Exiting; origin "chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop" is not allowed
Sam.Web.MicroServices.IdentityService.vshost.exe Information: 0 : 2016-07-13 04:11:14.941 -04:00 [Information] CorsPolicyService did not allow origin
Sam.Web.MicroServices.IdentityService.vshost.exe Information: 0 : 2016-07-13 04:11:15.005 -04:00 [Information] Start token revocation request
2016-07-13 04:11:15.063 -04:00 [Debug] Start client validation
2016-07-13 04:11:15.064 -04:00 [Debug] Start parsing for X.509 certificate
2016-07-13 04:11:15.065 -04:00 [Debug] client_id is not found in post body
2016-07-13 04:11:15.066 -04:00 [Debug] Start parsing for secret in post body
2016-07-13 04:11:15.067 -04:00 [Debug] No secret in post body found
2016-07-13 04:11:15.068 -04:00 [Debug] Start parsing Basic Authentication secret
Sam.Web.MicroServices.IdentityService.vshost.exe Information: 0 : 2016-07-13 04:11:15.069 -04:00 [Information] Parser found no secret
Sam.Web.MicroServices.IdentityService.vshost.exe Information: 0 : 2016-07-13 04:11:15.124 -04:00 [Information] No client secret found
Sam.Web.MicroServices.IdentityService.vshost.exe Information: 0 : 2016-07-13 04:11:15.175 -04:00 [Information] Returning error: invalid_client

Answer

The reason you get an error on logout is that you are passing back the access token in the id_token_hint parameter. This parameter expects the identity token that was issued to you at login (assuming you are using OpenID Connect).

If you are only using OAuth, then the endsession endpoint is not for you. Instead, to revoke the access token you need to use the revocation endpoint. That will remove the token from your database.

The error you receive from the revocation endpoint seems to be related to a different problem (it looks like you are not supplying a client id and secret).


I will test this today and, assuming it works, I will accept this answer. Thanks! – jkruer01
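The revocation call the answer recommends, as an added example that is not code from the question, the answer or IdentityServer3 itself: a server-side POST to /connect/revocation from the .NET application, with the client authenticated by HTTP Basic credentials (the mechanism the second log shows the server looking for). The endpoint URL, client id and client secret are placeholders to replace with the values of your own deployment.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;

public static class TokenRevoker
{
    // Placeholders (not from the question): issuer URL and the client registration
    // that the reference token was issued to.
    private const string RevocationEndpoint = "https://identity.example.com/core/connect/revocation";
    private const string ClientId = "my-client";
    private const string ClientSecret = "my-client-secret";

    // Revokes a reference token per RFC 7009. Returns true when the server
    // answered 200 (token revoked, or already invalid), false on any error.
    public static async Task<bool> RevokeAsync(HttpClient http, string referenceToken)
    {
        var request = new HttpRequestMessage(HttpMethod.Post, RevocationEndpoint);

        // Client authentication: "client_id:client_secret", Base64-encoded, in the
        // Authorization header. Omitting this is what produced "No client secret
        // found ... invalid_client" in the log above.
        var credentials = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{ClientId}:{ClientSecret}"));
        request.Headers.Authorization = new AuthenticationHeaderValue("Basic", credentials);

        // RFC 7009 body: the token itself plus an optional hint of its type.
        request.Content = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["token"] = referenceToken,
            ["token_type_hint"] = "access_token"
        });

        var response = await http.SendAsync(request);
        if (response.IsSuccessStatusCode)
        {
            return true;
        }

        // A 400 response carries a JSON error such as {"error":"invalid_client"}.
        var body = await response.Content.ReadAsStringAsync();
        Console.Error.WriteLine($"Revocation failed: {(int)response.StatusCode} {body}");
        return false;
    }
}
```

Call RevokeAsync from the application's logout handler before clearing the OWIN cookie, so the token is removed from the store in the same request that signs the user out. Making the call from server code also avoids the CORS rejection the log shows for a browser-extension origin.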
