I am currently implementing an OAuth server with IdentityServer4 using .NET Core 3.1 and React for the client SPA.
When I click logout I get the following:
React JS:
    const handleLogout = async () => {
      const token = sessionStorage.getItem("id_token");
      userManager.signoutRedirect({
        id_token_hint: token
      });
    };
IdentityServer4 Configuration:
    new Client
    {
        ClientId = _mobileAuthorizationCodeClientId,
        ClientName = _mobileAuthorizationCodeClientName,
        AllowedGrantTypes = GrantTypes.Code,
        RequirePkce = true,
        RequireClientSecret = false,
        RequireConsent = false,
        AllowAccessTokensViaBrowser = true,
        AllowOfflineAccess = true,
        AllowedScopes =
        {
            _avlApi, _clearingApi, _reportingApi, _assetManagementApi, _ticketingApi,
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            IdentityServerConstants.StandardScopes.OfflineAccess,
        },
        RedirectUris = { "https://localhost:3000/signin-callback" },
        PostLogoutRedirectUris = { "https://localhost:3000/signout-callback" },
        AllowedCorsOrigins = { "https://localhost:3000" },
    },
Startup.cs relevant parts:
    services.AddIdentity<ApplicationUser, IdentityRole>(config =>
        {
            config.Password.RequiredLength = 4;
            config.Password.RequireDigit = false;
            config.Password.RequireNonAlphanumeric = false;
            config.Password.RequireUppercase = false;
        })
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

    services.AddIdentityServer(options =>
        {
            options.IssuerUri = publicOrigin;
            options.PublicOrigin = publicOrigin;
            options.UserInteraction = new UserInteractionOptions()
            {
                LogoutUrl = "/account/logout",
                LoginUrl = "/account/login",
                LoginReturnUrlParameter = "returnUrl",
                CustomRedirectReturnUrlParameter = "returnUrl",
            };
        })
        .AddAspNetIdentity<ApplicationUser>()
        .AddInMemoryIdentityResources(Config.GetResources())
        .AddInMemoryApiResources(Config.GetApis())
        .AddInMemoryClients(Config.GetClients())
        .AddDeveloperSigningCredential()
        .AddProfileService<IdentityProfileService>();

    services.AddAuthentication();
I don't see any error logs from the IDP. I've tried to get a workaround from a similar issue: https://github.com/IdentityServer/IdentityServer4/issues/3854
The weird thing: if connect/endsession is not canceled, the logout works as expected.
We are using https://github.com/maxmantz/redux-oidc for the React JS client.
Versions:
    <PackageReference Include="IdentityServer4" Version="3.1.3" />
    <PackageReference Include="IdentityServer4.AspNetIdentity" Version="3.1.3" />
The question is: why is connect/endsession cancelled?
Any information will be highly appreciated!
Are you missing an await on the below line?
    await userManager.signoutRedirect({ id_token_hint: token });

Usually, requests are canceled when the user gets redirected to a new page. I see that the subsequent call after the canceled call is authorize, which will redirect the user...
Hopefully adding await may solve the problem.
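
Added example, not part of the original question or answer: a runnable sketch of the ordering the answer describes, comparing the handler with and without `await`. The stub `makeStubUserManager`, the caller `runScenario`, and the simulated authorize navigation are assumptions made for illustration; the real oidc-client `UserManager` is not used.

```javascript
// Constructed stand-in for oidc-client's UserManager: signoutRedirect() does
// async work first, then issues the end-session navigation and resolves.
function makeStubUserManager(log, { fail = false } = {}) {
  return {
    signoutRedirect({ id_token_hint }) {
      return new Promise((resolve, reject) => {
        setTimeout(() => {
          if (fail) return reject(new Error("signout request failed"));
          log.push(`navigate /connect/endsession?id_token_hint=${id_token_hint}`);
          resolve();
        }, 5);
      });
    },
  };
}

// Handler shaped like the one in the question: the promise is dropped.
const logoutFireAndForget = async (userManager, token) => {
  userManager.signoutRedirect({ id_token_hint: token });
};

// Handler with the await suggested in the answer.
const logoutAwaited = async (userManager, token) => {
  await userManager.signoutRedirect({ id_token_hint: token });
};

// Hypothetical caller: once the handler returns, the app starts another
// navigation (a simulated authorize redirect). Returns the order of events.
async function runScenario(handler, options) {
  const log = [];
  const userManager = makeStubUserManager(log, options);
  try {
    await handler(userManager, "constructed-id-token");
    log.push("navigate /connect/authorize");
  } catch (err) {
    log.push(`error: ${err.message}`);
  }
  await new Promise((r) => setTimeout(r, 20)); // let pending timers finish
  return log;
}

(async () => {
  console.log("no await:", await runScenario(logoutFireAndForget));
  console.log("await:   ", await runScenario(logoutAwaited));
  console.log("failure: ", await runScenario(logoutAwaited, { fail: true }));
})();
```

In the awaited variant a failed sign-out request also reaches the caller's `catch`, so the follow-up navigation is not started while the session is still active.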