Auth0 Home Blog Docs

ASP.NET Core migrate from 1.1 to 2.0



I get an error Cannot redirect to the end session endpoint, the configuration may be missing or invalid when signing out.


 services.AddAuthentication(options =>
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;

I get the error when trying to logout using await HttpContext.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);.

Login is return new ChallengeResult(OpenIdConnectDefaults.AuthenticationScheme, ..)

These were previously “Auth0” as that schema was registered along with the options class in the constructor and that has been removed in 2.0.

What is the proper way to set up the schemas?



The ASP.NET Core OIDC provider automatically discovers the endpoints for any OIDC provider. Auth0, however, does not specify a logout endpoint, as out logout endpoint requires some extra parameters (such as the ClientID) to be passed along.

So what you will need to do is to handle the OnRedirectToIdentityProviderForSignOut event and specify the Logout endpoint manually. See these lines in the Quickstart samples:

BTW 1: this was the same in ASP.NET Core 1.1, so not sure why you are picking up on this only now?

BTW 2: To challenge the OIDC middleware you can now use:

await HttpContext.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties() { RedirectUri = returnUrl });

And in your case, since you specified the DefaultChallengeScheme as OpenIdConnectDefaults.AuthenticationScheme, you should actually just be able to call ChallengeAsync without specifying the scheme


BTW1: Then I’ll never “properly” signed out of Auth0 I guess… With those lines in place the sessions seem to be lost since I now dont get “Last time you signed in with …”.

BTW2: Yes that I possible, but only if I change this to OpenIdConnectDefaults.AuthenticationSchemealternatively leave blank which probable just calls the overload with the aforementioned const.