Skip to content
Duende Software Docs
Livestream: Demystifying Authentication in ASP.NET Core with Tore Nestenius. Register Now!

BFF Logout Endpoint Extensibility

The BFF logout endpoint has extensibility points in two interfaces. The ILogoutEndpoint is the top-level abstraction that processes requests to the endpoint. This service can be used to add custom request processing logic. The IReturnUrlValidator ensures that the returnUrl parameter passed to the logout endpoint is safe to use.

Request Processing

Section titled “Request Processing”

ProcessRequestAsync is the top-level function called in the endpoint service and can be used to add arbitrary logic to the endpoint.

For example, you could take whatever actions you need before normal processing of the request like this:

public Task ProcessRequestAsync(HttpContext context, CancellationToken ct)
{
    // Custom logic here


    return base.ProcessRequestAsync(context);
}

Return URL Validation

Section titled “Return URL Validation”

To prevent open redirector attacks, the returnUrl parameter to the logout endpoint must be validated. You can customize this validation by implementing the IReturnUrlValidator interface. The default implementation enforces that return URLs are local.