Logout only removes access_token but does not return to login page
See original GitHub issueI am trying to use this.oauthService.logOut()
but it does not return to the login page, it just removes the access_token and other information from it. The identity that I use on the WS02 Indentity server.
Example
oauth2.config.ts
import { AuthConfig } from 'angular-oauth2-oidc';
import { environment } from '../environments/environment';
export const authConfig: AuthConfig = {
issuer: environment.sso.serverUrl.concat(environment.sso.issuer),
redirectUri: environment.sso.redirectUri,
clientId: environment.sso.clientId,
scope: environment.sso.scope,
loginUrl: environment.sso.serverUrl.concat(environment.sso.authorizationEndpoint),
requireHttps: environment.sso.requireHttps,
silentRefreshRedirectUri: environment.sso.silentRefreshRedirectUri,
oidc: environment.sso.oidc
};
app.component.ts
import { OAuthService, AuthConfig } from 'angular-oauth2-oidc';
import { authConfig } from './oauth2.config';
import { filter } from 'rxjs/operators';
@Component({
selector: 'app-root',
templateUrl: './app.component.html',
styleUrls: ['./app.component.css']
})
export class AppComponent {
constructor(private oauthService: OAuthService) {
this.configure();
}
private configure() {
this.oauthService.configure(authConfig);
this.oauthService.setStorage(sessionStorage);
this.oauthService.tryLogin({});
}
}
info.component.ts
import { Component, OnInit, ViewChild, ElementRef } from '@angular/core';
import { OAuthService } from 'angular-oauth2-oidc';
import { ScriptStore } from '../../script.store';
import { filter } from 'rxjs/operators';
@Component({
selector: 'app-axa',
templateUrl: './axa.component.html',
styleUrls: ['./axa.component.css']
})
export class AxaComponent implements OnInit {
constructor(private oauthService: OAuthService) {
}
// It doesn't work
logout() {
this.oauthService.logOut();
}
}
Is this an issue or configuration problem?
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:5
Top Results From Across the Web
You are overriding current access token, that means some ...
You are overriding current access token, that means some other app is expecting different access token and you will probably break things.
Read more >Should i logout a user if access token is malformed?
Talking short, you should logout user if refresh token malformed or expired. According to JWT idea, access token is short-life token. When it ......
Read more >Single-page application: Sign-in and Sign-out - Microsoft Learn
Learn how to add sign-in to the code for your single-page application. ... you can skip the login step, and directly acquire tokens....
Read more >Okta session logout not clearing access token - Questions
This fires a DELETE call which returns a succcess '204' case. But the access tokens are not cleared.i can still use the access...
Read more >Logout | Authentication Service Admin Guide - Curity
Logging out does not revoke all all OAuth tokens issued for the user if that profile is also in use. Only the authenticated...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Hmm, interesting. I do the exact same thing in my sample app. You could try cloning it and configure it to work with your IDS?
The
logOut(...)
method does nothing too magical, basically it will:logoutUrl
on the IDSYour IDS will need to effectively end the session and redirect you back to the application. You could try to control the location with the
postLogoutRedirectUri
config value.When you get back, the user should no longer be logged in. If there’s an issue, it’s likely either in the IDS, or in the way your app handles state? We’d need a full but minimal reproducible scenario (e.g. Stackblitz sample) to be able to reliably help.
@jeroenheijmans the project that has the mentioned problem is the following url https://github.com/pablogarzon1969/angular-ws02-IS and this uses the ws02 Identity Server
Also validate a project that had in angular 4 and with the version of the package angular-oauth2-oidc = 3.1.4 and if it works, but after this version it presents the problem with the ws02 Identity Server of not returning to the login page and does not delete WS02 IS session