end kratos session with hydra session

josxha · Dec 29, 2023 · a5d8d7e · a5d8d7e
1 parent e35c99a
commit a5d8d7e
Showing 1 changed file with 21 additions and 4 deletions.
diff --git a/KratosSelfService/Controllers/LogoutController.cs b/KratosSelfService/Controllers/LogoutController.cs
@@ -2,6 +2,7 @@
 using KratosSelfService.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Ory.Hydra.Client.Model;
 using Ory.Kratos.Client.Client;
 
 namespace KratosSelfService.Controllers;
@@ -15,6 +16,7 @@ public async Task<IActionResult> LogoutGet([FromQuery(Name = "logout_challenge")
         // show a dialog to let the user confirm that he wants to log out
         if (!string.IsNullOrWhiteSpace(logoutChallenge)) return View("Logout", new LogoutModel(logoutChallenge));
 
+        // end kratos session
         try
         {
             var flow = await api.Frontend.CreateBrowserLogoutFlowAsync(Request.Headers.Cookie);
@@ -37,22 +39,37 @@ public async Task<IActionResult> LogoutPost([FromForm(Name = "challenge")] strin
         if (action == "no")
         {
             logger.LogDebug("User rejected to log out.");
-            // The user rejected to log out
+            // The user rejects to log out
             await api.HydraOAuth2.RejectOAuth2LogoutRequestAsync(logoutChallenge);
             return Redirect("/");
         }
 
-        logger.LogDebug("User agreed to log out.");
         // The user agreed to log out, let's accept the logout request.
+        logger.LogDebug("User agreed to log out.");
+
+        // end hydra session
+        HydraOAuth2RedirectTo hydraResponse;
         try
         {
-            var response = await api.HydraOAuth2.AcceptOAuth2LogoutRequestAsync(logoutChallenge);
-            return Redirect(response.RedirectTo);
+            hydraResponse = await api.HydraOAuth2.AcceptOAuth2LogoutRequestAsync(logoutChallenge);
         }
         catch (ApiException exception)
         {
             logger.LogWarning("Could not logout: {Message}", exception.Message);
             return Redirect("~/");
         }
+
+        // end kratos session
+        try
+        {
+            var flow = await api.Frontend.CreateBrowserLogoutFlowAsync(Request.Headers.Cookie,
+                hydraResponse.RedirectTo);
+            return Redirect(flow.LogoutUrl);
+        }
+        catch (ApiException exception)
+        {
+            logger.LogDebug("Could not get logout flow: {Message}", exception.Message);
+            return Redirect(hydraResponse.RedirectTo);
+        }
     }
 }