I have been successfully reading the logged in OIDC authentication scheme from IAuthenticateResultFeature when using OIDC. I need to know this scheme to perform sign out. This is for a .NET 8 ASP.NET website.
    // Read the scheme recorded on the authentication ticket so the same scheme can be used for sign-out.
    var authProperties = httpContext?.Features.GetRequiredFeature<Microsoft.AspNetCore.Authentication.IAuthenticateResultFeature>();
    authScheme = authProperties.AuthenticateResult!.Ticket!.Properties.Items[".AuthScheme"];
I have just introduced a JWT bearer token to the same website and found that I can only get AddJwtBearer and OIDC to work at the same time if I set all possible schemes in AuthorizeFilter, using an AuthorizationPolicyBuilder. When I do this I can successfully log into the website with either OIDC or a JWT bearer token. However, I cannot get logged out of OIDC, because IAuthenticateResultFeature has now disappeared, so I do not know what scheme to use to sign out with. If I remove the code that sets the schemes to AuthorizeFilter, I cannot get logged in.
I followed the examples at this website:
What I have is:
    services.AddAuthentication()
        .AddOpenIdConnect()
        .AddCookie()
        .AddJwtBearer();

    // The below code is only necessary when including AddJwtBearer.
    // If I don't do the below, then OIDC login does not work with AddJwtBearer.
    // If I do the below, then IAuthenticateResultFeature is missing.
    services.AddAuthorization(options =>
    {
        var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(
            "oidcsheme", "jwtscheme"
        );
        defaultAuthorizationPolicyBuilder =
            defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
        options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
    });
Update: After even more extensive digging, I found a report of this issue on GitHub. There is a suggestion that this behavior is by design. Does anyone have a solution that allows signing in and signing out when using AddOpenIdConnect and AddJwtBearer together?
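The following is an added example, not the asker's code, showing one way to wire the three handlers described in the question (cookie, OpenID Connect, JWT bearer) in a .NET 8 minimal-API app so that the default policy accepts either a browser session or a bearer token, and so that sign-out does not depend on IAuthenticateResultFeature at all. Instead of reading the scheme off the feature, the sign-out endpoint asks each handler directly via HttpContext.AuthenticateAsync(scheme). It uses the framework's default scheme-name constants rather than the custom "oidcsheme"/"jwtscheme" strings; the Authority, ClientId and Audience values are placeholders, and the client secret is read from configuration.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(options =>
    {
        // Browser users are persisted in the cookie; OIDC is only the challenge handler.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        options.Authority = "https://idp.example.test";   // placeholder, assumed
        options.ClientId = "website-client";                // placeholder, assumed
        options.ClientSecret = builder.Configuration["Oidc:ClientSecret"]; // never hard-code
        options.ResponseType = "code";
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.SaveTokens = true; // keeps the id_token so sign-out can send id_token_hint
    })
    .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
    {
        options.Authority = "https://idp.example.test";   // placeholder, assumed
        options.Audience = "website-api";                   // placeholder, assumed
    });

builder.Services.AddAuthorization(options =>
{
    // Accept either a cookie session (set by the OIDC sign-in) or an API bearer token.
    // The cookie scheme, not the OIDC scheme, is listed because that is where the
    // OIDC handler persists the signed-in principal.
    options.DefaultPolicy = new AuthorizationPolicyBuilder(
            CookieAuthenticationDefaults.AuthenticationScheme,
            JwtBearerDefaults.AuthenticationScheme)
        .RequireAuthenticatedUser()
        .Build();
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/whoami", (HttpContext ctx) => Results.Ok(ctx.User.Identity?.Name))
   .RequireAuthorization();

// Sign-out that does not rely on IAuthenticateResultFeature: probe each handler directly.
// POST rather than GET so a forged link cannot log the user out.
app.MapPost("/signout", async (HttpContext ctx) =>
{
    var cookieResult = await ctx.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    if (cookieResult.Succeeded)
    {
        // Clear the local session, then let the OIDC handler redirect to the
        // provider's end-session endpoint so the upstream session ends as well.
        await ctx.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        await ctx.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme,
            new AuthenticationProperties { RedirectUri = "/" });
        return;
    }

    var bearerResult = await ctx.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
    if (bearerResult.Succeeded)
    {
        // Bearer tokens are stateless: there is no server-side session to clear.
        // The client discards the token; revocation, if needed, happens at the provider.
        ctx.Response.StatusCode = StatusCodes.Status204NoContent;
        return;
    }

    ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
});

app.Run();
```

The point of probing with AuthenticateAsync per scheme is that each handler answers for itself regardless of which scheme the authorization policy happened to evaluate first, so the sign-out path is correct even when the feature the question relies on is not populated. Whether the upstream provider actually ends its session on the OIDC sign-out redirect depends on that provider supporting the end-session endpoint; check its discovery document for end_session_endpoint.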