From a5d8d7e52614f951b52c0d5ddebd0570119d6381 Mon Sep 17 00:00:00 2001
From: Joscha <34318751+josxha@users.noreply.github.com>
Date: Fri, 29 Dec 2023 13:18:02 +0100
Subject: [PATCH] end kratos session with hydra session
---
 .../Controllers/LogoutController.cs | 25 ++++++++++++++++---
 1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/KratosSelfService/Controllers/LogoutController.cs b/KratosSelfService/Controllers/LogoutController.cs
index 608e177..82d182f 100644
--- a/KratosSelfService/Controllers/LogoutController.cs
+++ b/KratosSelfService/Controllers/LogoutController.cs
@@ -2,6 +2,7 @@
 using KratosSelfService.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Ory.Hydra.Client.Model;
 using Ory.Kratos.Client.Client;
 namespace KratosSelfService.Controllers;
@@ -15,6 +16,7 @@ public async Task LogoutGet([FromQuery(Name = "logout_challenge")
 // show a dialog to let the user confirm that he wants to log out
 if (!string.IsNullOrWhiteSpace(logoutChallenge)) return View("Logout", new LogoutModel(logoutChallenge));
+ // end kratos session
 try
 {
 var flow = await api.Frontend.CreateBrowserLogoutFlowAsync(Request.Headers.Cookie);
@@ -37,22 +39,37 @@ public async Task LogoutPost([FromForm(Name = "challenge")] strin
 if (action == "no")
 {
 logger.LogDebug("User rejected to log out.");
- // The user rejected to log out
+ // The user rejects to log out
 await api.HydraOAuth2.RejectOAuth2LogoutRequestAsync(logoutChallenge);
 return Redirect("/");
 }
- logger.LogDebug("User agreed to log out.");
 // The user agreed to log out, let's accept the logout request.
+ logger.LogDebug("User agreed to log out.");
+
+ // end hydra session
+ HydraOAuth2RedirectTo hydraResponse;
 try
 {
- var response = await api.HydraOAuth2.AcceptOAuth2LogoutRequestAsync(logoutChallenge);
- return Redirect(response.RedirectTo);
+ hydraResponse = await api.HydraOAuth2.AcceptOAuth2LogoutRequestAsync(logoutChallenge);
 }
 catch (ApiException exception)
 {
 logger.LogWarning("Could not logout: {Message}", exception.Message);
 return Redirect("~/");
 }
+
+ // end kratos session
+ try
+ {
+ var flow = await api.Frontend.CreateBrowserLogoutFlowAsync(Request.Headers.Cookie,
+ hydraResponse.RedirectTo);
+ return Redirect(flow.LogoutUrl);
+ }
+ catch (ApiException exception)
+ {
+ logger.LogDebug("Could not get logout flow: {Message}", exception.Message);
+ return Redirect(hydraResponse.RedirectTo);
+ }
 }
 }
\ No newline at end of file
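Review bot: In the second catch block a failed `CreateBrowserLogoutFlowAsync` is logged only at Debug and the user is sent on to `hydraResponse.RedirectTo`, so the Hydra logout completes while the Kratos session cookie can stay valid, and production logging usually filters that level out. A missing Kratos session is the benign case, but an unreachable Kratos or (presumably) a `return_to` value that Kratos refuses would take the same path; consider `logger.LogWarning("Kratos session not ended after Hydra logout: {Message}", exception.Message);`, or branch on `exception.ErrorCode` so only the no-session case stays at Debug. Separately, the only `ApiException` visibly in scope comes from `Ory.Kratos.Client.Client`, so the catch around `AcceptOAuth2LogoutRequestAsync` may not match what the Hydra client throws; confirm against the usings outside these hunks and, if so, catch `Ory.Hydra.Client.Client.ApiException` there. `LogoutPost` begins above this hunk, so any earlier validation of the challenge is not visible here.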