From 76f8ec1cf5f04bd17a05d36e13370f7f4e7c2d6b Mon Sep 17 00:00:00 2001 From: Loic Masi Date: Tue, 21 Apr 2026 16:44:14 +0200 Subject: [PATCH] =?UTF-8?q?#1=20:=20Il=20a=20perdu=20s'est=20crampt=C3=A9.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Controllers/AccountController.cs | 3 ++- Webzine.WebApplication/Program.cs | 12 ++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/Webzine.WebApplication/Controllers/AccountController.cs b/Webzine.WebApplication/Controllers/AccountController.cs index ef3f4fe..10fb868 100644 --- a/Webzine.WebApplication/Controllers/AccountController.cs +++ b/Webzine.WebApplication/Controllers/AccountController.cs @@ -26,7 +26,8 @@ { RedirectUri = "/", }, - CookieAuthenticationDefaults.AuthenticationScheme); + CookieAuthenticationDefaults.AuthenticationScheme, + OpenIdConnectDefaults.AuthenticationScheme); } [HttpGet("/account/access-denied")] diff --git a/Webzine.WebApplication/Program.cs b/Webzine.WebApplication/Program.cs index 999fe72..e3b2c8a 100644 --- a/Webzine.WebApplication/Program.cs +++ b/Webzine.WebApplication/Program.cs @@ -260,6 +260,12 @@ try OnRedirectToIdentityProviderForSignOut = context => { + var idToken = context.HttpContext.User.FindFirst("id_token")?.Value; + if (!string.IsNullOrWhiteSpace(idToken)) + { + context.ProtocolMessage.IdTokenHint = idToken; + } + if (!string.IsNullOrWhiteSpace(publicOrigin)) { context.ProtocolMessage.PostLogoutRedirectUri = publicOrigin + context.Options.SignedOutCallbackPath; 
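Review bot: In AccountController.cs, adding `OpenIdConnectDefaults.AuthenticationScheme` to `SignOut(...)` means this action now ends the session at the identity provider as well as clearing the local cookie, so how it can be invoked matters more than before. The action's routing attribute is above the hunk and not visible. If it is an `[HttpGet]` like the access-denied action just below it, a cross-site request is enough to sign the user out of the provider. I would make it `[HttpPost]` with `[ValidateAntiForgeryToken]` and submit it from a form; confirm against the full file, since the method starts outside the hunk.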
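Review bot: In Program.cs `OnRedirectToIdentityProviderForSignOut`, when the `id_token` claim is missing (a session created before this change, or a cookie that has already expired) the request still carries `post_logout_redirect_uri` but nothing that identifies the client. RP-initiated logout generally needs either `id_token_hint` or `client_id` to validate that redirect URI. Keycloak, which the role helpers in the next hunk suggest is the provider, may answer with an error or a confirmation page instead of redirecting back. Consider a fallback such as `else { context.ProtocolMessage.ClientId = context.Options.ClientId; }`. The handler body continues outside the hunk.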
@@ -273,6 +279,12 @@ try var identity = (ClaimsIdentity)context.Principal!.Identity!; var clientId = context.Options.ClientId; + if (context.SecurityToken is JwtSecurityToken idToken && + !string.IsNullOrWhiteSpace(idToken.RawData)) + { + identity.AddClaim(new Claim("id_token", idToken.RawData)); + } + AddKeycloakRolesFromClaims(identity, context.Principal, clientId); AddKeycloakRolesFromAccessToken(identity, context.TokenEndpointResponse?.AccessToken, clientId);
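Review bot: Copying `idToken.RawData` into a claim puts the whole signed ID token into `User.Claims`, where any code that enumerates, logs or renders claims will pick it up, and it is serialized into the authentication cookie with the rest of the identity. The OpenID Connect handler can keep the token out of the claim set: with `options.SaveTokens = true;` it is stored in the authentication properties, and as far as I know the handler fills `IdTokenHint` from there on sign-out, which would make both this block and the lookup in `OnRedirectToIdentityProviderForSignOut` unnecessary. Whether `SaveTokens` is already set is not visible in this hunk. If the claim is kept, add a comment such as `// Raw ID token kept only for id_token_hint at logout; never log or render this claim.`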