diff --git a/build/dependencies.props b/build/dependencies.props index e7c7a1cd..dab082f9 100644 --- a/build/dependencies.props +++ b/build/dependencies.props @@ -2,8 +2,8 @@ 1.0.0 - 1.0.0-beta1-final - 1.0.0-rc1-final + 1.0.0-rtm-* + 1.0.0-rtm-* 2.0.0 10.3.0 1.6.0 diff --git a/src/OpenIddict/OpenIddictProvider.Authentication.cs b/src/OpenIddict/OpenIddictProvider.Authentication.cs index a54f3d92..66623dc1 100644 --- a/src/OpenIddict/OpenIddictProvider.Authentication.cs +++ b/src/OpenIddict/OpenIddictProvider.Authentication.cs @@ -383,8 +383,8 @@ namespace OpenIddict await options.Value.Cache.RemoveAsync(key); } - if (!options.Value.ApplicationCanDisplayErrors && !string.IsNullOrEmpty(context.Response.Error) && - string.IsNullOrEmpty(context.Response.RedirectUri)) + if (!options.Value.ApplicationCanDisplayErrors && !string.IsNullOrEmpty(context.Error) && + string.IsNullOrEmpty(context.RedirectUri)) { // Determine if the status code pages middleware has been enabled for this request. // If it was not registered or enabled, let the OpenID Connect server middleware render diff --git a/src/OpenIddict/OpenIddictProvider.Session.cs b/src/OpenIddict/OpenIddictProvider.Session.cs index 29b2a8f3..0dfc66c1 100644 --- a/src/OpenIddict/OpenIddictProvider.Session.cs +++ b/src/OpenIddict/OpenIddictProvider.Session.cs 
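Review bot: The condition on the changed `if` in OpenIddictProvider.Authentication.cs (`ApplicationCanDisplayErrors`, `context.Error`, `context.RedirectUri`) is duplicated in the Session provider hunk at `@@ -182,8 +174,8`, differing only in `PostLogoutRedirectUri`, so both copies must be edited in lockstep, as this commit does. Because the branch decides when an error is handled locally instead of being returned to a client URI, the intent deserves a comment on the condition, for example `// No redirect URI to return the error to: handle the error locally.` Whether `context.RedirectUri` is empty when the redirect_uri was rejected is not visible here and should be confirmed against the middleware version these properties now resolve to. The enclosing method starts and ends outside the hunk.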
@@ -87,30 +87,22 @@ namespace OpenIddict
 var applications = context.HttpContext.RequestServices.GetRequiredService>();
 var logger = context.HttpContext.RequestServices.GetRequiredService>>();
- // Skip validation if the optional post_logout_redirect_uri
- // parameter was missing from the logout request.
- if (string.IsNullOrEmpty(context.PostLogoutRedirectUri))
+ // If an optional post_logout_redirect_uri was provided, validate it.
+ if (!string.IsNullOrEmpty(context.PostLogoutRedirectUri))
 {
- logger.LogInformation("The logout request validation process was skipped because " +
- "the post_logout_redirect_uri parameter was missing.");
-
- context.Skip();
-
- return;
- }
-
- var application = await applications.FindByLogoutRedirectUri(context.PostLogoutRedirectUri, context.HttpContext.RequestAborted);
- if (application == null)
- {
- logger.LogError("The logout request was rejected because the client application corresponding " +
- "to the specified post_logout_redirect_uri was not found in the database: " +
- "'{PostLogoutRedirectUri}'.", context.PostLogoutRedirectUri);
+ var application = await applications.FindByLogoutRedirectUri(context.PostLogoutRedirectUri, context.HttpContext.RequestAborted);
+ if (application == null)
+ {
+ logger.LogError("The logout request was rejected because the client application corresponding " +
+ "to the specified post_logout_redirect_uri was not found in the database: " +
+ "'{PostLogoutRedirectUri}'.", context.PostLogoutRedirectUri);
- context.Reject(
- error: OpenIdConnectConstants.Errors.InvalidClient,
- description: "Invalid post_logout_redirect_uri.");
+ context.Reject(
+ error: OpenIdConnectConstants.Errors.InvalidClient,
+ description: "Invalid post_logout_redirect_uri.");
- return;
+ return;
+ }
 }
 context.Validate();
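Review bot: The post_logout_redirect_uri check accepts any URI that `FindByLogoutRedirectUri` resolves to some registered application, and a request without the parameter now reaches `context.Validate()` with no log entry, since the `LogInformation` call was removed together with `context.Skip()`. How the manager compares URIs is not visible in this hunk; as far as the hunk shows, this lookup is the check that keeps the logout endpoint from redirecting to arbitrary targets, so the expectation is worth stating next to the call, e.g. `// The lookup must be an exact match; prefix or case-insensitive matching would permit open redirects.` If the missing-parameter path is meant to be validated rather than skipped, a comment on the `if` saying that no redirect takes place in that case would make the intent auditable. The enclosing method starts before and continues after the hunk.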
@@ -182,8 +174,8 @@ namespace OpenIddict
 await options.Value.Cache.RemoveAsync(key);
 }
- if (!options.Value.ApplicationCanDisplayErrors && !string.IsNullOrEmpty(context.Response.Error) &&
- string.IsNullOrEmpty(context.Response.PostLogoutRedirectUri))
+ if (!options.Value.ApplicationCanDisplayErrors && !string.IsNullOrEmpty(context.Error) &&
+ string.IsNullOrEmpty(context.PostLogoutRedirectUri))
 {
 // Determine if the status code pages middleware has been enabled for this request.
 // If it was not registered or enabled, let the OpenID Connect server middleware render