ASP.NET Core migrate from 1.1 to 2.0

joakim · August 28, 2017, 4:58pm

I get an error Cannot redirect to the end session endpoint, the configuration may be missing or invalid when signing out.

Schemas

 services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })

I get the error when trying to logout using await HttpContext.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);.

Login is return new ChallengeResult(OpenIdConnectDefaults.AuthenticationScheme, ..)

These were previously “Auth0” as that schema was registered along with the options class in the constructor and that has been removed in 2.0.

What is the proper way to set up the schemas?

@jerrie1

jerrie · August 28, 2017, 5:19pm

The ASP.NET Core OIDC provider automatically discovers the endpoints for any OIDC provider. Auth0, however, does not specify a logout endpoint, as out logout endpoint requires some extra parameters (such as the ClientID) to be passed along.

So what you will need to do is to handle the OnRedirectToIdentityProviderForSignOut event and specify the Logout endpoint manually. See these lines in the Quickstart samples:
https://github.com/auth0-samples/auth0-aspnetcore-mvc-samples/blob/v2/Quickstart/01-Login/SampleMvcApp/Startup.cs#L60-L80

BTW 1: this was the same in ASP.NET Core 1.1, so not sure why you are picking up on this only now?

BTW 2: To challenge the OIDC middleware you can now use:

await HttpContext.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties() { RedirectUri = returnUrl });

And in your case, since you specified the DefaultChallengeScheme as OpenIdConnectDefaults.AuthenticationScheme, you should actually just be able to call ChallengeAsync without specifying the scheme

joakim · August 28, 2017, 7:08pm

BTW1: Then I’ll never “properly” signed out of Auth0 I guess… With those lines in place the sessions seem to be lost since I now dont get “Last time you signed in with …”.

BTW2: Yes that I possible, but only if I change this to OpenIdConnectDefaults.AuthenticationSchemealternatively leave blank which probable just calls the overload with the aforementioned const.

Topic		Replies	Views
User Logout Endpoint Help	4	8282	July 25, 2019
OIDC-client and Auth0: How to log out correctly? Help	2	12296	August 8, 2019
Trouble terminating Auth0 user session Help logout , sessions	9	1598	November 3, 2023
logout redirect uri Help logout , oidc-conformant	1	4790	March 2, 2018
Can't redirect to logout adress Help auth0net , sdks-quickstarts	4	1428	February 23, 2023

ASP.NET Core migrate from 1.1 to 2.0

Related topics