#1 : Il a perdu s'est crampté.

2026-04-21 16:44:14 +02:00
parent 50ca65c239
commit 76f8ec1cf5
2 changed files with 14 additions and 1 deletions
--- a/Webzine.WebApplication/Controllers/AccountController.cs
+++ b/Webzine.WebApplication/Controllers/AccountController.cs
@@ -26,7 +26,8 @@
                {
                    RedirectUri = "/",
                },
-                CookieAuthenticationDefaults.AuthenticationScheme);
+                CookieAuthenticationDefaults.AuthenticationScheme,
+                OpenIdConnectDefaults.AuthenticationScheme);
        }

        [HttpGet("/account/access-denied")]
--- a/Webzine.WebApplication/Program.cs
+++ b/Webzine.WebApplication/Program.cs
@@ -260,6 +260,12 @@ try

                OnRedirectToIdentityProviderForSignOut = context =>
                {
+                    var idToken = context.HttpContext.User.FindFirst("id_token")?.Value;
+                    if (!string.IsNullOrWhiteSpace(idToken))
+                    {
+                        context.ProtocolMessage.IdTokenHint = idToken;
+                    }
+
                    if (!string.IsNullOrWhiteSpace(publicOrigin))
                    {
                        context.ProtocolMessage.PostLogoutRedirectUri = publicOrigin + context.Options.SignedOutCallbackPath;
@@ -273,6 +279,12 @@ try
                    var identity = (ClaimsIdentity)context.Principal!.Identity!;
                    var clientId = context.Options.ClientId;

+                    if (context.SecurityToken is JwtSecurityToken idToken &&
+                        !string.IsNullOrWhiteSpace(idToken.RawData))
+                    {
+                        identity.AddClaim(new Claim("id_token", idToken.RawData));
+                    }
+
                    AddKeycloakRolesFromClaims(identity, context.Principal, clientId);
                    AddKeycloakRolesFromAccessToken(identity, context.TokenEndpointResponse?.AccessToken, clientId);