Configured security, stable run

ShopAdmin/Program.cs

@@ -65,6 +65,21 @@ builder.Services.AddAuthentication(options =>
         NameClaimType = "name",
         RoleClaimType = "groups"
     };
+
+    options.Events = new OpenIdConnectEvents
+    {
+        OnRedirectToIdentityProviderForSignOut = async callbackContext =>
+        {
+            var request = callbackContext.Request;
+            string currentBaseUrl = $"{request.Scheme}://{request.Host}{request.PathBase}/";
+
+            callbackContext.ProtocolMessage.PostLogoutRedirectUri = currentBaseUrl;
+
+            var idToken = await callbackContext.HttpContext.GetTokenAsync("id_token");
+
+            if (!string.IsNullOrEmpty(idToken)) callbackContext.ProtocolMessage.IdTokenHint = idToken;
+        }
+    };
 });
 
 var app = builder.Build();
@@ -97,8 +112,18 @@ app.UseAuthorization();
 app.MapStaticAssets();
 
 app.MapGet("/auth/login", (string redirectUri = "/") =>
-    Results.Challenge(new AuthenticationProperties { RedirectUri = redirectUri },[OpenIdConnectDefaults.AuthenticationScheme]));
-app.MapGet("/auth/logout", () => Results.SignOut(new AuthenticationProperties { RedirectUri = "/" }, [CookieAuthenticationDefaults.AuthenticationScheme, OpenIdConnectDefaults.AuthenticationScheme]));
+    Results.Challenge(new AuthenticationProperties { RedirectUri = redirectUri }, [OpenIdConnectDefaults.AuthenticationScheme]));
+app.MapGet("/auth/logout", async (HttpContext context) =>
+{
+    await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+
+    string currentBaseUrl = $"{context.Request.Scheme}://{context.Request.Host}{context.Request.PathBase}/";
+
+    await context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
+    {
+        RedirectUri = currentBaseUrl
+    });
+});
 
 app.MapRazorComponents<App>()
     .AddInteractiveServerRenderMode();