EndSessionRequest #31
Comments
I didn't add this in because there wasn't an implementation on the Android side and I was aware of the end session implementation on iOS. The PR you linked is actually for a fix so it's actually been in there for a bit longer. So to answer your question, no plans to do this at the moment |
Thank you for your fast answer :) However, I am wondering. How are you doing a logout? Do you add a prompt=login and force the user to log in every time? Maybe I am just missing an alternative approach to EndSessionRequest. |
Admittedly I haven't gotten to that point yet. I worked on this plugin as it looked like there wasn't much available for doing authentication with other identity providers (e.g. Azure B2C, my day job involves doing .NET development) and made it available for others to use. You're probably making more use of this than me :) I don't think you're missing anything around the end session request. From what I recall, the proposal that included details around ending a session was still in draft; as such I think some identity providers may provide different ways to end a session. As such I would think for devs that look to implement signing out that they write their own Android and iOS code to open a browser that would trigger the sign out and redirect back to the app. Perhaps it'll even work to use the launcher plugin to do so but that's just a random, untested thought... |
Thank you for your answer :) I think I will close this issue for now and try to implement a signout on my own. I will come back here and update as soon as I have something "working" to share with you :) Thanks and keep up the great work! |
One workaround is to perform an authorize with 'connect/endsession' instead of '/connect/authorize' as the authorization endpoint... Not beautiful but it works... |
@StefanJansson can you share some more details on how you do it in code? would be great :) |
Sure, here it comes.

```dart
// Values in [brackets] are placeholders to replace with your own settings.
var result = await _appAuth.authorize(
  AuthorizationTokenRequest(
    [client_id],
    [redirect_uri],
    clientSecret: [client_secret],
    issuer: [issuer],
    discoveryUrl: "[issuer]/.well-known/openid-configuration",
    scopes: [scopes],
    // Logout parameters sent along with the request.
    additionalParameters: {
      "id_token_hint": [idToken],
      "post_logout_redirect_uri": [redirect_uri]
    },
    // The end session endpoint is passed where the authorization endpoint is expected.
    serviceConfiguration: AuthorizationServiceConfiguration(
        "[issuer]/connect/endsession", "[issuer]/connect/token"),
  ),
);
```
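An added example, not part of the thread and not flutter_appauth code: the same logout parameters sent as a dedicated RP-initiated logout request, with the endpoint read from the discovery document and a `state` value checked on the redirect back. The helper names are hypothetical, and the issuer, redirect URI and token are constructed sample values.

```dart
import 'dart:convert';
import 'dart:math';

/// Hypothetical helper: builds an RP-initiated logout URL from discovery metadata.
Uri buildEndSessionUri(Map<String, dynamic> discovery, String idToken,
    Uri postLogoutRedirectUri, String state) {
  final endpoint = discovery['end_session_endpoint'];
  if (endpoint is! String) {
    throw StateError('provider metadata has no end_session_endpoint');
  }
  final base = Uri.parse(endpoint);
  if (base.scheme != 'https') {
    throw StateError('end_session_endpoint must use https');
  }
  return base.replace(queryParameters: {
    ...base.queryParameters,
    'id_token_hint': idToken, // ends up in the URL: treat logs/history as sensitive
    'post_logout_redirect_uri': postLogoutRedirectUri.toString(),
    'state': state,
  });
}

/// Random URL-safe value that ties the logout redirect to this request.
String newState() {
  final rng = Random.secure();
  final bytes = List<int>.generate(16, (_) => rng.nextInt(256));
  return base64Url.encode(bytes).replaceAll('=', '');
}

/// True only if [redirect] is the registered URI and echoes our state.
bool isExpectedLogoutRedirect(Uri redirect, Uri registered, String state) =>
    redirect.scheme == registered.scheme &&
    redirect.host == registered.host &&
    redirect.path == registered.path &&
    redirect.queryParameters['state'] == state;

void main() {
  // Constructed sample values; none of them come from the thread.
  final discovery = jsonDecode('{"issuer":"https://idp.example",'
      '"end_session_endpoint":"https://idp.example/connect/endsession"}')
      as Map<String, dynamic>;
  final registered = Uri.parse('com.example.app://signout-callback');
  final state = newState();
  print(buildEndSessionUri(discovery, 'constructed.id.token', registered, state));
  final back = Uri.parse('com.example.app://signout-callback?state=$state');
  print(isExpectedLogoutRedirect(back, registered, state));
  final forged = Uri.parse('com.example.app://signout-callback?state=guess');
  print(isExpectedLogoutRedirect(forged, registered, state));
}
```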
@StefanJansson, I tried to use your end session hack and it works well on Android. However, there is an issue with iOS app. I get logout screen and then on redirect to
I use the same redirect uri for login and logout and I registered it in
Thoughts? Thanks in advance. |
Hmm... Shit was my first thought. I've verified the error and don't have a workaround for it unfortunately. Maybe author of this package could implement end session for iOS which is available in openid/appauth-iOS and maybe use my workaround for Android until they release the end session functionality in openid/appauth-android? What do you say @MaikuB, is it possible? |
@StefanJansson It would be great to implement endsession for iOS. It should be easy to implement and we could assert() for Android until they provide a native implementation. |
Happy to look at a PR for this if someone intends to take a stab |
I have the end session functionality working nicely on iOS. I will submit a PR later this week. |
Any updates on the end session functionality? |
The reason why I did not submit a PR yet is due to how AppAuth-iOS is using the following classes for authentication sessions: For iOS 12 & 13 -> the new For iOS 11 ->
The issue with SSO (for If you want to have the benefits of SSO, you have to accept that annoying permission prompt when you click the Sign Out button in your application. There are a few ways to get rid of the permission prompt, but you lose the SSO benefits. I can see that there are a lot of developers complaining about this issue but I haven't seen yet a response from Apple team. It looks like the future of OAuth on iOS is not too bright.. With this API limitation it looks like they will slowly eject social identity provider logins on iOS and they will enforce their own system: @MaikuB What do you think? Does it make sense to submit a PR for end session functionality, with a |
@AurelianTimu: Haven't looked at the AppAuth iOS SDK lately but does it even allow for specifying whether or not to use |
(I accidentally submitted a PR - please ignore that..) If you create an implementation of Take a look at this branch. Let me know please if you have any questions/comments. |
Thanks will see if I can take a look and play around with it soon. Based on what you've said so far, sounds like a good idea and the flag could be named |
@AurelianTimu tried this out and I reckon it would be best to go with what I mentioned above on having a Given the library is a wrapper around the native SDKs, I'd see the name of the parameters be aligned with what the SDK uses as much as possible (e.g. |
FYI I'm going to release a new version soon to tidy up some code and bump Android dependencies so your branch will need to be rebased. |
Something I forgot to add is I wonder though if Apple will reject apps if they don't use the appropriate API for authentication. Another thing is my understanding of the |
The redirect does not work with the IdentityServer demo instance because of this line: If Something I forgot to add is I wonder though if Apple will reject apps if they don't use the appropriate API for authentication I was thinking about the same thing. I found some discussions online where someone complained that their app got rejected due to something very similar. Noted the naming convention you suggested and the I'll think about this more in the upcoming days |
Sure and thanks for the info |
hello any update on that? |
@MaikuB any update about forceSafariVC flag? |
@alereisan not for me to comment on as the branch/fork mentioned earlier is not something I worked on to begin with and the link to the fork is there for you to look at |
@draganjovanovic1 could you solve your problem? I have the same error |
@IonVillarreal, no I haven't. The project where I tried using this lib has been abandoned so I stopped looking for a solution. |
@MaikuB Any updates on the IOS fix for this? |
@danielweil not sure exactly which issue you're referring to here given the discussions that have gone in this thread. If this is about end session support then no. There's already an existing issue on this that I marked as needing help and I had mentioned problems getting this working myself (#48 (comment)). PRs are welcome |
Hey,
I just saw that AppAuth for iOS finally implemented a way to end the session.
see: openid/AppAuth-iOS#407
Unfortunately there is no implementation for Android, yet.
Do you plan to add this to your library? Even if it is just for iOS at the moment.
Greetings