New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Logging out #40
Comments
Sometimes the logout URL is different from what you expect: static String _baseUri = 'https://your-auth-provider.com';
// This specific provider appends an additional path to the basicURI, for logout only. ¯\_(ツ)_/¯
static String _additionalPathLogout = '/oauth2/v1';
static String _callbackUriScheme = 'your.callback.uri.scheme';
static String _logoutRedirectUri = '$_callbackUriScheme:/logout'; then String token = 'your-token';
String url = '$_baseUri$_additionalPathLogout/logout?id_token_hint=$token&post_logout_redirect_uri=$_logoutRedirectUri'; finally await FlutterWebAuth.authenticate(url: url, callbackUrlScheme: _callbackUriScheme); |
That is true. I do not know about Maybe |
According to my research, if you just clear the token, the session would still remember the user for the next log-in. Best I found so far was to use the flag [ |
Just to be clear (because you mention "clearing" tokens), I meant "revoke" tokens. For instance, for Okta, you can have a look at this page for the difference. |
Good point. We're using AWS Cognito, which seemingly does not have a way to revoke tokens. We call their logout endpoint which does not invalidate any tokens, but only clears the state of their UI. This needs to happen in the same |
I don't think that there is a solution available here provided what the platforms give us. I'd be very happy to reopen this if someone can find a solution that is possible using iOS/Android native APIs! 🚀 |
I have been trying to logout of the session using the logout endpoint.
I suppose when dealing with these flows they're all standardized no matter who the auth server provider is right?
What's the correct way to logout?
With the auth server I'm using, Okta, it says the following:
I can construct the logout url just fine, but it just sends me to a 400 erro okta page.
This is the documentation:
https://developer.okta.com/docs/reference/api/oidc/#logout
Any ideas?
Thanks.
The text was updated successfully, but these errors were encountered: