add oidc logout url to support auth0 (#1134)

3 years ago · a21b6f9f4e
3 changed files with 35 additions and 9 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -12,6 +12,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
				@@ -12,6 +12,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
    - `OIDC__AUTHORITY`
    - `OIDC__CLIENTID`
    - `OIDC__CLIENTSECRET`
+    - `OIDC__LOGOUTURI` (optional, needed for Auth0)

 ### Fixed
 - Fix schedule editor crashing due to bad music video artist data
--- a/ErsatzTV/OidcHelper.cs
+++ b/ErsatzTV/OidcHelper.cs
@ -7,6 +7,7 @@ public static class OidcHelper
				@@ -7,6 +7,7 @@ public static class OidcHelper
        Authority = configuration["OIDC:Authority"];
        ClientId = configuration["OIDC:ClientId"];
        ClientSecret = configuration["OIDC:ClientSecret"];
+        LogoutUri = configuration["OIDC:LogoutUri"];

        IsEnabled = !string.IsNullOrWhiteSpace(Authority) &&
                   !string.IsNullOrWhiteSpace(ClientId) &&
@ -16,5 +17,6 @@ public static class OidcHelper
				@@ -16,5 +17,6 @@ public static class OidcHelper
    public static string Authority { get; private set; }
    public static string ClientId { get; private set; }
    public static string ClientSecret { get; private set; }
+    public static string LogoutUri { get; private set; }
    public static bool IsEnabled { get; private set; }
 }
--- a/ErsatzTV/Startup.cs
+++ b/ErsatzTV/Startup.cs
@ -61,10 +61,12 @@ using Ganss.Xss;
				@@ -61,10 +61,12 @@ using Ganss.Xss;
 using MediatR;
 using MediatR.Courier.DependencyInjection;
 using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.StaticFiles;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.FileProviders;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IO;
 using MudBlazor.Services;
 using Newtonsoft.Json;
@ -129,14 +131,16 @@ public class Startup
				@@ -129,14 +131,16 @@ public class Startup
                        options.DefaultScheme = "cookie";
                        options.DefaultChallengeScheme = "oidc";
                    })
-                .AddCookie("cookie", options =>
-                {
-                    options.CookieManager = new ChunkingCookieManager();
+                .AddCookie(
+                    "cookie",
+                    options =>
+                    {
+                        options.CookieManager = new ChunkingCookieManager();

-                    options.Cookie.HttpOnly = true;
-                    options.Cookie.SameSite = SameSiteMode.None;
-                    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
-                })
+                        options.Cookie.HttpOnly = true;
+                        options.Cookie.SameSite = SameSiteMode.None;
+                        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+                    })
                .AddOpenIdConnect(
                    "oidc",
                    options =>
@ -145,14 +149,33 @@ public class Startup
				@@ -145,14 +149,33 @@ public class Startup
                        options.ClientId = OidcHelper.ClientId;
                        options.ClientSecret = OidcHelper.ClientSecret;

-                        options.ResponseType = "code";
+                        options.ResponseType = OpenIdConnectResponseType.Code;
                        options.UsePkce = true;
-                        options.ResponseMode = "query";
+                        options.ResponseMode = OpenIdConnectResponseMode.Query;
+
+                        options.Scope.Clear();
+                        options.Scope.Add("openid");
+
+                        options.CallbackPath = new PathString("/callback");

                        options.SaveTokens = true;

                        options.NonceCookie.SecurePolicy = CookieSecurePolicy.Always;
                        options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
+
+                        if (!string.IsNullOrWhiteSpace(OidcHelper.LogoutUri))
+                        {
+                            options.Events = new OpenIdConnectEvents
+                            {
+                                OnRedirectToIdentityProviderForSignOut = context =>
+                                {
+                                    context.Response.Redirect(OidcHelper.LogoutUri);
+                                    context.HandleResponse();
+
+                                    return Task.CompletedTask;
+                                }
+                            };
+                        }
                    });
        }