the "/logout" handler in the document does nothing. #33599

BigSquareHasNoEdge · 2024-09-12T19:49:28Z

Description

Hello.

I have followed the example codes and found the "/logout" does nothing.

api.MapGet("/secret", 
    (ClaimsPrincipal user) =>
        Results.Text($"{user.Identity?.Name ?? "unknown user"}, I am your father.")
    )
    .RequireIdentityTokenAuthorization();  // policy based Auth

// ...

api.MapPost("/logout",
    async ([FromBody]object empty, SignInManager<ApplicationUser> signInManager) => 
    {
        if(empty is not null)
        {
            await signInManager.SignOutAsync();
            return Results.Ok();
        }

        return Results.BadRequest();
    })
    .RequireIdentityTokenAuthorization(); // policy base auth.

after POST to logout, GET secret with the access token still worked, while I didn't expected it would.

Page URL

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-api-authorization?view=aspnetcore-8.0#use-the-post-refresh-endpoint

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/authentication/identity-api-authorization.md

Document ID

137d4b94-7b26-3911-b22d-42c754a95fc1

Article author

@tdykstra

The text was updated successfully, but these errors were encountered:

dotnet-bot added ⌚ Not Triaged aspnet-core/svc security/subsvc Source - Docs.ms Docs Customer feedback via GitHub Issue labels Sep 12, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

the "/logout" handler in the document does nothing. #33599

the "/logout" handler in the document does nothing. #33599

BigSquareHasNoEdge commented Sep 12, 2024

the "/logout" handler in the document does nothing. #33599

the "/logout" handler in the document does nothing. #33599

Comments

BigSquareHasNoEdge commented Sep 12, 2024

Description

Page URL

Content source URL

Document ID

Article author