Cannot log out from OWIN external identity provider via PKCE

Ed Brinkman 121 Reputation points
2021-03-15T12:34:56.577+00:00

I have been unable to log out from an OWIN external identity provider. Either the user is not completely logged out or the website goes into an infinite loop of redirects. I am changing an existing ASP.NET MVC 4 website. I am not using Azure Active Directory. I am working with ForgeRock. I am open to ideas. I am required to use PKCE. The PKCE works in the OWIN startup file. It does not work in the LoginController. HTTP 400 Bad Request is returned when calling /connect/endSession without a code_verifier because PKCE is turned on. My problem is that I cannot get the code verifier in the LoginController method that calls the endSession endpoint. The startup class is not executed at all. The PKCE code is all in the Startup.cs file. I do not know how to get the code verifier outside the Startup class file. My PKCE code came from the post at https://www.scottbrady91.com/ASPNET/Refreshing-your-Legacy-ASPNET-IdentityServer-Client-Applications

One attempt to log out used the code below. The redirect after logout causes an infinite loop of redirects. The login page never displays.

    if (HttpContext.User.Identity.IsAuthenticated)
    {
        HttpContext.GetOwinContext().Authentication.SignOut("Cookies");
        HttpContext.GetOwinContext().Authentication.SignOut("oidc");
    }
    return RedirectToAction("Index", "Home");

Another attempt with the code below does not completely log out the user. The login page never displays. The user can still access the website.

    HttpContext.GetOwinContext()
        .Authentication
        .SignOut(CookieAuthenticationDefaults.AuthenticationType);
