feat: Improved/simplified sign out.

philipp-meier · Oct 25, 2024 · 366874b · 366874b
1 parent 0d2aaa6
commit 366874b
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 15 deletions.
diff --git a/src/Chrono/ConfigureSecurity.cs b/src/Chrono/ConfigureSecurity.cs
@@ -26,7 +26,6 @@ public static void AddWebUiSecurityServices(this IServiceCollection services, IC
                 //options.Cookie.SameSite = SameSiteMode.Strict;
 
                 options.Cookie.Name = configuration["IdentityProvider:CookieName"];
-                options.Events.OnSigningOut = e => e.HttpContext.RevokeUserRefreshTokenAsync();
             })
             .AddOpenIdConnect(options =>
             {

diff --git a/src/Chrono/Features/Users/LoginController.cs b/src/Chrono/Features/Users/LoginController.cs
@@ -2,33 +2,26 @@
 using Chrono.Shared.Api;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Chrono.Features.Users;
 
 [Authorize]
 [ApiExplorerSettings(IgnoreApi = true)]
-public class LoginController(IConfiguration config) : ApiControllerBase
+public class LoginController : ApiControllerBase
 {
     [HttpGet]
-    public async Task<ActionResult> Get([FromQuery] string redirectUrl, [FromQuery] string sign = "in")
+    public ActionResult Get([FromQuery] string redirectUrl, [FromQuery] string sign = "in")
     {
         if (sign == "in")
         {
             return Redirect(redirectUrl);
         }
 
-        SignOut("cookie", "oidc");
-
-        // To ensure that all auth. cookies are being deleted, since ASP.NET Core uses the ChunkingCookieManager for cookie authentication by default.
-        new ChunkingCookieManager().DeleteCookie(HttpContext, config["IdentityProvider:CookieName"]!,
-            new CookieOptions());
-
-        var idToken = await HttpContext.GetTokenAsync("id_token");
-        var logoutUrl = config["IdentityProvider:LogoutUrl"];
-
-        return Redirect(
-            $"{logoutUrl}?id_token_hint={idToken}&post_logout_redirect_uri={HttpUtility.UrlEncode(redirectUrl)}");
+        return SignOut(new AuthenticationProperties { RedirectUri = redirectUrl },
+            CookieAuthenticationDefaults.AuthenticationScheme,
+            OpenIdConnectDefaults.AuthenticationScheme);
     }
 }
diff --git a/src/Chrono/appsettings.json b/src/Chrono/appsettings.json
@@ -13,7 +13,6 @@
     "CookieName": "ChronoAuth",
     "Authority": "https://<TODO>.auth0.com/",
     "JwksUri": "https://<TODO>.auth0.com/.well-known/jwks.json",
-    "LogoutUrl": "https://<TODO>.auth0.com/oidc/logout",
     "ClientId": "<TODO>",
     "ClientSecret": "<TODO>"
   },