Sign out does not clear SSO token
Looking at the code, I don’t see Sign Out being properly implemented. There is a way to remove the user tokens from the local cache, but it does not appear to invoke the system web view to hit the end_session_endpoint endpoint value. That may leave the cookie between the system and the device valid such that a subsequent authenticate call may not prompt for credentials.
Seems like the end_session_endpoint value should be read from the OIDC metadata and then invoked on a sign out?
Issue Analytics
- State:
- Created 6 years ago
- Comments:7 (4 by maintainers)
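An added example, not code from the issue or from the library: one way to read end_session_endpoint from the OIDC discovery metadata and build the RP-initiated logout request the issue asks for. The function and type names, the sample metadata and the idp.example.com host are assumptions made for illustration.

```kotlin
import android.net.Uri
import org.json.JSONObject
import java.security.SecureRandom

// Constructed sample of an OIDC discovery document; idp.example.com is a placeholder.
val sampleMetadata = """
    {"issuer": "https://idp.example.com",
     "authorization_endpoint": "https://idp.example.com/authorize",
     "end_session_endpoint": "https://idp.example.com/logout"}
""".trimIndent()

// Hypothetical holder: the URL to open plus the state value to verify afterwards.
data class LogoutRequest(val uri: Uri, val state: String)

/**
 * Builds the logout request from discovery metadata (hypothetical helper).
 * Returns null when the provider publishes no end_session_endpoint (the field
 * is optional); in that case only the local token cache can be cleared and
 * the provider's session cookie stays valid.
 */
fun buildLogoutRequest(
    metadataJson: String,
    idToken: String,
    postLogoutRedirect: String
): LogoutRequest? {
    val endpoint = JSONObject(metadataJson).optString("end_session_endpoint")
    if (endpoint.isEmpty()) return null

    val base = Uri.parse(endpoint)
    // Fail closed: never send the ID token to a non-HTTPS endpoint.
    require(base.scheme == "https") { "end_session_endpoint must use https" }

    // Random state, compared with the value returned on the post-logout redirect.
    val bytes = ByteArray(16).also { SecureRandom().nextBytes(it) }
    val state = bytes.joinToString("") { "%02x".format(it) }

    val uri = base.buildUpon()
        .appendQueryParameter("id_token_hint", idToken)
        .appendQueryParameter("post_logout_redirect_uri", postLogoutRedirect)
        .appendQueryParameter("state", state)
        .build()
    return LogoutRequest(uri, state)
}
```

The returned URL has to be opened in the same user agent that handled sign-in, since that is where the provider's session cookie lives. Clear the local token cache as well, and compare the state on the redirect with the stored value.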
Top GitHub Comments
@onovotny For the preview, we only support signout by removing tokens from the cache. Signout from system webview will be the next step, we’ll add the support later.
In the meantime I am using the following code to remove all user data and prevent automatic login after sign out. I am using "authorization_user_agent": "WEBVIEW".
(requireContext().getSystemService(Context.ACTIVITY_SERVICE) as ActivityManager).clearApplicationUserData()