我正在使用 node-oidc-provider（panva 的 npm 包）实现从 SSO 会话注销。流程看起来能正常运行，但有两个 cookie 似乎仍然保留着：“_session” 和 “.session.legacy”，我不确定自己缺少了什么配置。流程会重定向回 React UI，所以除了这两个 cookie 没有被清除之外，整个流程似乎都按预期工作。
// Provider `features` block; the enclosing Provider configuration starts outside this excerpt.
// NOTE(review): nothing in this block configures the provider's own session cookies —
// there is no `cookies` option here. Those cookies live on the provider's origin and are
// expected to be cleared by the provider's end_session flow, not by RP-side clearCookie calls.
features: {
// Exposes the end_session endpoint that the RP's /logout route redirects to.
rpInitiatedLogout: { enabled: true },
devInteractions: {
enabled: false,
},
introspection: {
enabled: true
},
revocation: { enabled: true },
encryption: { enabled: true },
jwtUserinfo: { enabled: true },
userinfo: { enabled: true },
pushedAuthorizationRequests: { enabled: true },
resourceIndicators: {
// Uses the single requested resource when there is exactly one; otherwise falls back to a fixed value.
// NOTE(review): the plain-http "http://example.com" literal reads like a placeholder — confirm the
// intended resource URI before this reaches production.
defaultResource: (ctx, client, oneOf) => {
if (oneOf) return oneOf;
return 'http://example.com';
},
enabled: true,
// Every resource server gets the same settings: a 2-hour, ES256-signed JWT access token.
// The `resourceIndicator` and `client` arguments are not inspected, so no per-resource audience/TTL policy applies.
getResourceServerInfo: (ctx, resourceIndicator, client) => {
return ({
accessTokenTTL: 2 * 60 * 60, // 2 hours
accessTokenFormat: 'jwt',
jwt: {
sign: { alg: 'ES256' },
}
});
},
// Always issue tokens for the resource recorded on the grant.
useGrantedResource: (ctx, model) => {
return true;
}
}
}
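// RP-side logout: drops the RP's own token/PKCE cookies, then hands the browser to the
// provider's end_session endpoint so the provider can end its SSO session.
// NOTE(review): the provider's session cookies are set on the provider's origin and cannot be
// cleared from this route; they are expected to disappear when the end_session flow completes
// (e.g. the logout confirmation is submitted), so check that flow rather than adding
// clearCookie calls for them here.
app.get('/logout', (req, res) => {
  const { redirect_uri: redirectUri } = req.query;
  const idToken = req.cookies.id_token;

  // clearCookie only takes effect when path/domain match what the cookies were set with;
  // httpOnly/secure are kept so the replacement (expired) cookie carries the same flags.
  // NOTE(review): if these cookies were set with an explicit path or domain, pass the same here.
  const clearOptions = { httpOnly: true, secure: true };
  const rpCookies = [
    'id_token',
    'access_token',
    'token_expiration',
    'expires_in',
    'redirect_uri',
    'code_verifier',
    'state',
  ];
  for (const name of rpCookies) {
    res.clearCookie(name, clearOptions);
  }

  // Build the URL with the URL API so every parameter is encoded, and skip parameters whose
  // value is absent instead of sending the literal string "undefined" as the original did.
  // Throws (handled by Express's error handler) when URL_AUTHORITY is unset, rather than
  // redirecting to "undefined/oidc/session/end".
  const endSessionUrl = new URL(`${process.env.URL_AUTHORITY}/oidc/session/end`);
  if (typeof idToken === 'string' && idToken !== '') {
    endSessionUrl.searchParams.set('id_token_hint', idToken);
  }
  // Only a single string value is forwarded; Express may parse a repeated query key as an array.
  // The provider is expected to validate post_logout_redirect_uri against the client's registered
  // URIs — this route does not validate it, so do not treat it as trusted here.
  if (typeof redirectUri === 'string' && redirectUri !== '') {
    endSessionUrl.searchParams.set('post_logout_redirect_uri', redirectUri);
  }
  res.redirect(endSessionUrl.toString());
});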
您确定该会话具有有效的刷新令牌吗？您的会话对象可能仍保留着一个已失效的刷新令牌，因而用户信息被保留下来（用于营销）。
jwtUserinfo: { enabled: true },
如果您的刷新令牌不起作用,也没关系。