Early Preview

This is currently very much a preview. Please feel free to try things out, but don't be upset if anything is not yet working. Feedback is welcome over on our GitHub Discussions page.

interface Duende.IdentityServer.Services.IUserSession

Assembly: Duende.IdentityServer

Manages the current user's authentication session and tracks the client applications that are participating in it. The session is identified by a unique random session ID assigned when the user first logs in. As clients request tokens, their IDs are recorded in the session so that IdentityServer can send logout notifications to all participating clients at sign-out time. This interface also exposes methods for managing the session ID cookie used by IdentityServer's OIDC session management implementation. The default implementation is DefaultUserSession, which stores the session ID and client list in the authentication properties.

Methods

CreateSessionIdAsync(System.Security.Claims.ClaimsPrincipal principal, Microsoft.AspNetCore.Authentication.AuthenticationProperties properties, System.Threading.CancellationToken ct)
Creates a new session identifier for the sign-in context and issues the session ID cookie. Call this when a user successfully authenticates to establish their session.
Returns The newly created session ID string that uniquely identifies this user's session.
principal The authenticated user's claims principal.
properties The authentication properties associated with the sign-in.
ct The cancellation token.
GetUserAsync(System.Threading.CancellationToken ct)
Gets the currently authenticated user. Prefer this over IAuthenticationService.AuthenticateAsync because it avoids running claims transformation more than once and reflects any updated authentication ticket issued during the current request.
Returns The System.Security.Claims.ClaimsPrincipal of the authenticated user, or null if no user is currently authenticated.
ct The cancellation token.
GetSessionIdAsync(System.Threading.CancellationToken ct)
Gets the current session identifier from the authentication ticket.
Returns The session ID string for the current user's session, or null if there is no active authenticated session.
ct The cancellation token.
EnsureSessionIdCookieAsync(System.Threading.CancellationToken ct)
Ensures the session ID cookie is present and synchronized with the current session identifier. Call this to keep the session cookie in sync after the authentication ticket has been updated.
ct The cancellation token.
RemoveSessionIdCookieAsync(System.Threading.CancellationToken ct)
Removes the session ID cookie from the response. Call this during sign-out to clear the OIDC session management cookie.
ct The cancellation token.
AddClientIdAsync(string clientId, System.Threading.CancellationToken ct)
Records that the specified client has participated in the current user's session. This information is used at sign-out time to send logout notifications to all clients that were active during the session.
clientId The identifier of the client to add to the session's client list.
ct The cancellation token.
GetClientListAsync(System.Threading.CancellationToken ct)
Gets the list of client IDs that have participated in the current user's session.
Returns A read-only collection of client ID strings representing every client that has obtained tokens during the current session.
ct The cancellation token.
AddSamlSessionAsync(Saml.Models.SamlSpSessionData session, System.Threading.CancellationToken ct)
Adds a SAML SP session to the user's session, recording that the specified service provider is participating in the current SSO session.
session The SAML SP session data to record, including the SP's entity ID.
ct The cancellation token.
Remarks Session data is stored in AuthenticationProperties. For deployments with many SAML service providers, server-side sessions should be enabled to avoid cookie size limitations. See Duende.IdentityServer.Saml.Models.SamlSpSessionData for details.
GetSamlSessionListAsync(System.Threading.CancellationToken ct)
Gets the list of SAML SP sessions that are participating in the current user's session.
Returns A read-only collection of Duende.IdentityServer.Saml.Models.SamlSpSessionData objects representing every SAML service provider that has participated in the current session.
ct The cancellation token.
RemoveSamlSessionAsync(string entityId, System.Threading.CancellationToken ct)
Removes the SAML SP session for the specified entity ID from the current user's session. Call this during SAML single logout to deregister the service provider from the session.
entityId The entity ID of the SAML service provider whose session should be removed.
ct The cancellation token.
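
As an added example (not Duende's code and not part of this reference), the read-side methods above can feed a sign-out audit record, captured before the authentication cookie is cleared so that responders can later check which clients and SAML service providers should have received logout notifications. SessionAuditor and SessionAuditSnapshot are hypothetical names; the code assumes the preview signatures listed on this page, that both list methods return enumerable collections, and that the principal carries a "sub" claim.

```csharp
// Added example, not Duende's code. SessionAuditor and SessionAuditSnapshot are hypothetical.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using Duende.IdentityServer.Services;
using Microsoft.Extensions.Logging;

public sealed record SessionAuditSnapshot(
    string SubjectId, string SessionIdDigest, string[] ClientIds, int SamlSpCount);

public sealed class SessionAuditor(IUserSession session, ILogger<SessionAuditor> logger)
{
    // Call this before signing the user out, while the authentication ticket still exists.
    public async Task<SessionAuditSnapshot?> CaptureAsync(CancellationToken ct)
    {
        var user = await session.GetUserAsync(ct);
        var sessionId = await session.GetSessionIdAsync(ct);
        if (user is null || sessionId is null)
        {
            return null; // no active authenticated session, so nothing to record
        }

        // Every client that obtained tokens in this session, and the SAML SPs taking part in it.
        var clients = (await session.GetClientListAsync(ct)).ToArray();
        var samlSpCount = (await session.GetSamlSessionListAsync(ct)).Count();

        // Record a SHA-256 digest instead of the raw session ID: the log can still
        // correlate events for one session without storing the identifier itself.
        var digest = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(sessionId)));

        // Assumption: the subject identifier is carried in the "sub" claim.
        var snapshot = new SessionAuditSnapshot(
            user.FindFirst("sub")?.Value ?? "(no sub claim)", digest, clients, samlSpCount);

        logger.LogInformation(
            "Sign-out for {SubjectId}, session {SessionIdDigest}: clients [{Clients}], {SamlSpCount} SAML SPs",
            snapshot.SubjectId, snapshot.SessionIdDigest, string.Join(", ", clients), samlSpCount);

        return snapshot;
    }
}
```

Register the class as a scoped service and call CaptureAsync at the start of the logout handler; a null result means there was no authenticated session to audit.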