From fc727ec5a2e8f1f4c07701e58643bb96cf504a7e Mon Sep 17 00:00:00 2001
From: James Gunn
Date: Tue, 23 Apr 2024 14:06:15 +0100
Subject: [PATCH] Expose SaveTokens option
---
 CHANGELOG.md | 5 +++++
 src/GovUk.OneLogin.AspNetCore/OneLoginOptions.cs | 15 +++++++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d7f43c9..841829e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## Unreleased
+
+Expose `SaveTokens` option on `OneLoginOptions`.
+
+
 ## 0.3.1
 
 Adds `NationalInsuranceNumber` member to `OneLoginClaimTypes`.
diff --git a/src/GovUk.OneLogin.AspNetCore/OneLoginOptions.cs b/src/GovUk.OneLogin.AspNetCore/OneLoginOptions.cs
index f8969f9..a522d60 100644
--- a/src/GovUk.OneLogin.AspNetCore/OneLoginOptions.cs
+++ b/src/GovUk.OneLogin.AspNetCore/OneLoginOptions.cs
@@ -34,9 +34,6 @@ public OneLoginOptions()
 GetClaimsFromUserInfoEndpoint = true,
 UseTokenLifetime = false,
 
- // We'll save the ID token ourselves - we need it for sign out
- SaveTokens = false,
-
 MapInboundClaims = false,
 DisableTelemetry = true
 };
@@ -156,6 +153,13 @@ public CookieBuilder CorrelationCookie
 ///
 public OpenIdConnectEvents Events { get; }
 
+ ///
+ public bool SaveTokens
+ {
+ get => OpenIdConnectOptions.SaveTokens;
+ set => OpenIdConnectOptions.SaveTokens = value;
+ }
+
 internal OpenIdConnectOptions OpenIdConnectOptions { get; private set; }
 
 internal bool IncludesCoreIdentityClaim => Claims.Contains(OneLoginClaimTypes.CoreIdentity);
@@ -223,7 +227,10 @@ internal Task OnRedirectToIdentityProvider(RedirectContext context)
 
 internal Task OnTokenResponseReceived(TokenResponseReceivedContext context)
 {
- if (context.TokenEndpointResponse.IdToken is string idToken)
+ // Always store the id_token, even if SaveTokens is false;
+ // without it sign out doesn't work end-to-end.
+
+ if (!context.Options.SaveTokens && context.TokenEndpointResponse.IdToken is string idToken)
 {
 context.Properties?.StoreTokens(new[]
 {
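Review bot: The new public `SaveTokens` property in the `@@ -156,6 +153,13 @@` hunk has a doc comment that shows as a bare `///` on this page (possibly an inheritdoc tag lost in rendering), so callers get no hint of what enabling it does to the session. With the ASP.NET Core OpenID Connect handler, setting it to true persists the tokens from the token response, not only the id_token, in the `AuthenticationProperties`, which normally travel in the sign-in cookie. I would document that on the property, e.g. `/// <summary>Whether the tokens returned by One Login are stored in the authentication properties after sign-in. Defaults to <c>false</c>; the id_token is kept either way because sign-out needs it.</summary>`. The default now depends on the framework's own `SaveTokens` default, because the explicit `SaveTokens = false` was removed in the `@@ -34,9 +34,6 @@` hunk. A test that pins the default to false would stop a later change from silently widening what the cookie carries.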
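Review bot: In the `@@ -223,7 +227,10 @@` hunk, the added comment says the id_token is always stored, but the guard beneath it now skips the store whenever `SaveTokens` is true. That path relies on the handler saving the tokens itself, which is what keeps the id_token available for sign-out, and the comment should say so. Suggested wording: `// When SaveTokens is true the handler persists all tokens itself; otherwise keep just the id_token, which sign-out needs.` A test that signs out with `SaveTokens` set each way would pin this, as the diffstat shows no test file in the commit. The body of `OnTokenResponseReceived` continues past the end of the hunk.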