Keycloak logout: How to obtain id_token with C# when forms authentication is used?

Asked by: Markku Rintala Asked: 6/16/2023 Updated: 10/12/2023 Views: 243

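Q:

I need to update an application that uses Keycloak so that it is compatible with Keycloak 19. Previously, Keycloak 17 was used. After logout, the browser was redirected to the application login page using the redirect_uri parameter.

Since Keycloak 19 no longer supports the redirect_uri parameter, I need to use the id_token_hint and post_logout_redirect_uri parameters to achieve behaviour similar to Keycloak 17. So far, I have added the post_logout_redirect_uri parameter to my logout URL, like this: https://realm/protocol/openid-connect/logout?post_logout_redirect_uri=https://my-application/UserLogin.aspx. However, this gives the error "Missing parameters: id_token_hint".

I need help obtaining the value of the id_token_hint parameter that should be added to the logout URL. My code is written in C#.

Currently, the code in UserLogin.aspx looks like this: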

public partial class CustomLogin : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Check if sign out required
        if (SignOut)
        {
            ExecuteSignOut(Request, Response);
        }
        else
        {
            ExecuteSignIn(Request, Response);
        }
    }
    
    public static void ExecuteSignOut(HttpRequest request, HttpResponse response)
    {
        var redirectUri = request.Url.AbsoluteUri;
        
        var signOutUri = $"{Realm}/protocol/openid-connect/logout?" +
                        $"post_logout_redirect_uri={HttpUtility.UrlEncode(redirectUri)}";
                        
        response.Redirect(signOutUri, false);
        HttpContext.Current.ApplicationInstance.CompleteRequest();
    }
}

So, in the end, the logout URL should look like this: https://realm/protocol/openid-connect/logout?id_token_hint=value_of_id_token&post_logout_redirect_uri=https://my-application/UserLogin.aspx

C# Keycloak forms-authentication logout

A:

0 votes Markku Rintala 10/12/2023 #1

To answer my own question, I did this:

// First, read code from request.
var code = request.QueryString["code"];
// Redirect URI was saved when user opened the sign in of the application. User was redirected to Keycloak.
var redirectUri = request.Cookies["RedirectUriCookieName"].Value;

var tokens = JwtHelper.GetOAuth2TokensByCode(code, redirectUri);
var idtoken = tokens["id_token"].Value<string>();

where GetOAuth2TokensByCode is something like

using System;
using System.Net;
using System.Text;
using Newtonsoft.Json.Linq;

// Exchanges the authorization code for tokens at the Keycloak token endpoint.
public static JObject GetOAuth2TokensByCode(string code, string redirectUri)
{
    var targetUrl = "https://_Keycloack_URL_/auth" + "/protocol/openid-connect/token";

    try
    {
        using (var client = new WebClient())
        {
            client.Headers.Add(HttpRequestHeader.ContentType, "application/x-www-form-urlencoded");

            var parameters = new System.Collections.Specialized.NameValueCollection
            {
                { "grant_type", "authorization_code" },
                { "client_id", OAuth2ClientId },
                { "client_secret", OAuth2ClientSecret },
                { "code", code },
                { "redirect_uri", redirectUri }
            };

            var response = client.UploadValues(targetUrl, "POST", parameters);
            var result = Encoding.UTF8.GetString(response);

            return JObject.Parse(result);
        }
    }
    catch (WebException e)
    {
        // Every code path must return or throw; surface the failure to the caller.
        throw new InvalidOperationException("Token request to Keycloak failed.", e);
    }
}
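Added example, not part of the original question or answer: one way to use the id_token obtained above when signing out, so that the logout URL carries both id_token_hint and post_logout_redirect_uri. It assumes the sign-in code stored the id_token in session state under a hypothetical key; the class name KeycloakLogout, the key name and the realmUrl parameter are illustrative.

```csharp
using System;
using System.Web;
using System.Web.Security;

public static class KeycloakLogout
{
    // Assumption: the sign-in callback stored the id_token under this session key.
    public const string IdTokenSessionKey = "keycloak_id_token";

    // realmUrl is the realm base URL (the Realm value in the question's code).
    public static string BuildLogoutUrl(string realmUrl, string idToken, Uri returnUrl)
    {
        if (string.IsNullOrEmpty(idToken))
            throw new ArgumentException("id_token is required for id_token_hint.", nameof(idToken));

        // Drop query string and fragment so the value is a fixed page URL
        // that can be registered for the client in Keycloak.
        var postLogoutUri = returnUrl.GetLeftPart(UriPartial.Path);

        // The collection returned by ParseQueryString URL-encodes keys and values in ToString().
        var query = HttpUtility.ParseQueryString(string.Empty);
        query["id_token_hint"] = idToken;
        query["post_logout_redirect_uri"] = postLogoutUri;

        return realmUrl.TrimEnd('/') + "/protocol/openid-connect/logout?" + query;
    }

    public static void ExecuteSignOut(HttpContext context, string realmUrl)
    {
        var idToken = context.Session?[IdTokenSessionKey] as string;

        // Without a stored id_token (for example, an expired session) the Keycloak
        // request would fail with the missing-parameter error, so fall back to the
        // local login page after clearing the local sign-in state.
        var target = string.IsNullOrEmpty(idToken)
            ? FormsAuthentication.LoginUrl
            : BuildLogoutUrl(realmUrl, idToken, context.Request.Url);

        // End the local session and remove the forms-authentication cookie
        // before handing the browser to Keycloak.
        context.Session?.Abandon();
        FormsAuthentication.SignOut();

        context.Response.Redirect(target, false);
        context.ApplicationInstance.CompleteRequest();
    }
}
```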