Retrieving the "sid" claim from the IdP EndSessionEndpoint in IdentityServer 5?

I've got a working IdP using the Duende IdentityServer 5.0.4 middleware.

In a web app, I have a logout link that performs a 302 redirect to the EndSessionEndpoint retrieved through the discovery client.

On the IdP's logout confirmation page, the User's available claims are: sub, amr, name, idp, and authtime. The 'sid' claim is not available.

How can I instruct the EndSessionEndpoint to require the 'sid' claim? Is there a way to read the current user's sid claim from the idsrv cookie?

Any tips would be appreciated. I'm currently explicitly passing the sid claim through the query string for the 302 redirect as a work-around, but I want to remove this ASAP.

Thanks!

PS - I know about the id_token_hint parameter, but I want my users to be prompted with the 'are you sure you want to logout?' question.

There is 1 answer

David Montgomery On BEST ANSWER

It turns out evaluating the LogoutId value using the GetLogoutContextAsync() from the IIdentityServerInteractionService provides the SessionId value.
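
A sketch of the approach described in the answer above, as an added example that is not code from the original post or from Duende: the logout confirmation action resolves the session id from the logout context instead of accepting it as a caller-controlled query-string value. The `AccountController` and `LogoutViewModel` names and the view are assumptions; `GetLogoutContextAsync()` and `SessionId` are the members named in the answer.

```csharp
using System.Threading.Tasks;
using Duende.IdentityServer.Services;
using Microsoft.AspNetCore.Mvc;

// Hypothetical view model backing the "are you sure you want to log out?" page.
public class LogoutViewModel
{
    public string LogoutId { get; set; }
    public string SessionId { get; set; }
}

// Hypothetical controller hosting the IdP's logout UI.
public class AccountController : Controller
{
    private readonly IIdentityServerInteractionService _interaction;

    public AccountController(IIdentityServerInteractionService interaction)
        => _interaction = interaction;

    // The end session endpoint redirects the browser here with ?logoutId=...
    [HttpGet]
    public async Task<IActionResult> Logout(string logoutId)
    {
        // Look up the logout request that the IdP recorded for this logoutId.
        var context = await _interaction.GetLogoutContextAsync(logoutId);

        var vm = new LogoutViewModel
        {
            LogoutId = logoutId,
            // Session id as recorded by the IdP. A "sid" passed on the query
            // string can be altered by whoever builds the link, so it is not read.
            SessionId = context?.SessionId
        };

        if (string.IsNullOrEmpty(vm.SessionId))
        {
            // No session id in the logout context (for example, the page was
            // opened without a logoutId). Do not fall back to request input.
            vm.SessionId = null;
        }

        // Always render the confirmation prompt, as the question requires.
        return View(vm);
    }
}
```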