Dynamic post_logout_uri and redirect_uri in IdentityServer4

Time:09-28

I came across an issue where one of my clients is sending postlogouturi with dynamic parameters.

I have registered a client in the ClientStore on the IdentityServer4 side:

new Client
{
    ClientId = "some_id",
    RedirectUris = { "https://www.example.com/callback1", "https://www.example.com/callback2" },
    PostLogoutRedirectUris = { "https://www.example.com/postlogout1", "https://www.example.com/postlogout2" },
    // ... some other config
}

Here the client is a React application, and they are using the oidc-client library to connect to the IdentityServer.

If they use the config below, everything works fine: we get the postlogouturi on the IdentityServer side and can redirect clients to that URL once they log out.

var config = {
    authority: "https://www.ouridentityserver.com",
    client_id: "some_id",
    redirect_uri: "https://www.example.com/callback1",
    response_type: "id_token token",
    scope:"openid profile api1",
    post_logout_redirect_uri : "https://www.example.com/postlogout1",
};
var mgr = new Oidc.UserManager(config);

But the client's requirement is to add some query parameters to the post-logout URI in the above config:

post_logout_redirect_uri : "https://www.example.com/postlogout1?language=chinese&param1=value1&param2=value2"

Here language, value1, and value2 are dynamic, so we cannot register the client with those exact post-logout URIs on the IdentityServer side. So whenever they use those dynamic parameters on postlogouturi, IdentityServer was getting postlogouturi as null and was not able to redirect to that URI when they log out.

Can someone help me understand whether there is any way to validate those dynamic URIs on the IdentityServer side? Thanks in advance :)

CodePudding user response:

After doing some R&D, I have somehow managed to find a solution for this using HttpContextAccessor. Whenever a user clicks logout on the client side, the request comes to IdentityServer and we can get the client's post_logout_redirect_uri dynamically with the code below.

 var dynamicPostLogoutUri = _httpContextAccessor.HttpContext.Request.Query["post_logout_redirect_uri"].ToString();

Once we get the post_logout_redirect_uri (which has dynamic query parameters), we can simply register it in the ClientStore for that client dynamically at runtime.

new Client
{
    ClientId = "some_id",
    RedirectUris = { "https://www.example.com/callback1", "https://www.example.com/callback2" },
    // dynamicPostLogoutUri is the value read from the logout request above
    PostLogoutRedirectUris = { dynamicPostLogoutUri, "https://www.example.com/postlogout1", "https://www.example.com/postlogout2" },
    // ... some other config
}

I'm sharing this solution as I thought this answer may be useful for others.
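
Added example, not part of the original question or answer and not IdentityServer4's own code: one way to validate such URIs on the IdentityServer side is a custom IRedirectUriValidator that leaves the registered list unchanged and accepts a post-logout URI only when its scheme, host, port and path equal a registered entry and every query key is allow-listed. The class name and the allowed key names are assumptions taken from the question's sample URI.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Validation;
using Microsoft.AspNetCore.WebUtilities;

// Hypothetical class; register it in ConfigureServices with
// services.AddIdentityServer().AddRedirectUriValidator<QueryTolerantPostLogoutValidator>();
public class QueryTolerantPostLogoutValidator : IRedirectUriValidator
{
    // Assumption: the only query parameter names the client is allowed to vary.
    private static readonly string[] AllowedQueryKeys = { "language", "param1", "param2" };

    // Sign-in redirect URIs must match a registered entry exactly.
    public Task<bool> IsRedirectUriValidAsync(string requestedUri, Client client) =>
        Task.FromResult(client.RedirectUris.Contains(requestedUri, StringComparer.Ordinal));

    public Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client) =>
        Task.FromResult(IsAllowed(requestedUri, client));

    private static bool IsAllowed(string requestedUri, Client client)
    {
        // An exact match against the registered list is always accepted.
        if (client.PostLogoutRedirectUris.Contains(requestedUri, StringComparer.Ordinal)) return true;

        // Reject anything that is not an absolute URI, or that carries user info or a fragment.
        if (!Uri.TryCreate(requestedUri, UriKind.Absolute, out var requested)) return false;
        if (requested.UserInfo.Length > 0 || requested.Fragment.Length > 0) return false;

        // Scheme, host, port and path must equal a registered URI; only the query may differ.
        var requestedBase = requested.GetLeftPart(UriPartial.Path);
        var baseRegistered = client.PostLogoutRedirectUris.Any(registered =>
            Uri.TryCreate(registered, UriKind.Absolute, out var r)
            && r.Query.Length == 0
            && string.Equals(r.GetLeftPart(UriPartial.Path), requestedBase, StringComparison.Ordinal));
        if (!baseRegistered) return false;

        // Every query key must be allow-listed and carry exactly one value.
        var query = QueryHelpers.ParseQuery(requested.Query);
        return query.All(kv => AllowedQueryKeys.Contains(kv.Key, StringComparer.Ordinal) && kv.Value.Count == 1);
    }
}
```

With this validator the client stays registered with only https://www.example.com/postlogout1 and https://www.example.com/postlogout2, and a request for a different host or path is rejected whatever its query string contains.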
