logout of app errors #18128
Comments
I am unable to reproduce this using the given information. Could you provide the actual error returned and any other information/configuration required to reproduce this on a new instance.
They both go to the api logout endpoint but the difference being the SDK defaults to using
It looks like both frontends are using Does it continue happening when logging in with 2 different browsers? (or with 1 in incognito mode)
Yes you are right. Frontend in firefox (my default) and directus in Edge gives a clean logout in directus (just noticed the bunny or hare in console!).
So the object returned from auth.login in the sdk only contains the access token and the expires value. It does not contain the refresh token. Is this what should be happening?
It is indeed intended when the mode is
I thought mode defaulted to json - I had not seen the comment that it defaults to cookie in browsers.
It seems like your request headers do not in fact contain the refresh token from the cookie, so you may need to double check via DevTools whether the cookie exists. You may also be facing a CORS issue (hence the cookie may not be set, or sent), so please do check out https://docs.directus.io/self-hosted/config-options.html#cors as well.
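The browser-side rules behind the comment above (a cross-origin cookie that is never set or never sent), as an added example that is not part of the thread or of Directus. It takes values copied from DevTools; the frontend port 3000 and all header and cookie values are constructed assumptions.

```javascript
// Added example. Header and cookie-attribute names are standard; all values are constructed.
function parseSetCookie(line) {
  // "name=value; Attr; Attr=val" -> { name, attrs } with lower-cased attribute names
  const [pair, ...rest] = line.split(";").map((s) => s.trim());
  const attrs = {};
  for (const a of rest) {
    const i = a.indexOf("=");
    if (i === -1) attrs[a.toLowerCase()] = true;
    else attrs[a.slice(0, i).toLowerCase()] = a.slice(i + 1);
  }
  return { name: pair.split("=")[0], attrs };
}

function credentialedCorsProblems(pageUrl, apiUrl, responseHeaders, setCookie) {
  const problems = [];
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const page = new URL(pageUrl);
  const api = new URL(apiUrl);

  if (page.origin !== api.origin) {
    // Credentialed cross-origin responses need an exact origin, never the wildcard.
    const acao = h["access-control-allow-origin"];
    if (acao === "*") problems.push("allow-origin is '*' on a credentialed request");
    else if (acao !== page.origin) problems.push(`allow-origin '${acao}' is not '${page.origin}'`);
    if (h["access-control-allow-credentials"] !== "true")
      problems.push("allow-credentials is not 'true'");
  }

  // Simplification: same scheme and hostname means same-site (SameSite ignores ports).
  // Hosts that differ only by subdomain are reported as cross-site; a full check
  // needs the Public Suffix List.
  const crossSite = page.protocol !== api.protocol || page.hostname !== api.hostname;
  const { name, attrs } = parseSetCookie(setCookie);
  // A missing SameSite attribute is treated as Lax, as Chromium-based browsers do.
  const sameSite = String(attrs.samesite || "Lax").toLowerCase();
  if (crossSite && sameSite !== "none")
    problems.push(`${name}: SameSite=${sameSite} is not sent on cross-site fetch/XHR`);
  if (sameSite === "none" && !attrs.secure)
    problems.push(`${name}: SameSite=None without Secure is rejected`);
  return problems;
}

// Constructed cases: a frontend on an assumed port 3000 calling the API on localhost:8055.
const cookie = "directus_refresh_token=constructed; HttpOnly; Path=/; SameSite=Lax";
console.log(credentialedCorsProblems("http://localhost:3000", "http://localhost:8055",
  { "Access-Control-Allow-Origin": "http://localhost:3000",
    "Access-Control-Allow-Credentials": "true" }, cookie));
console.log(credentialedCorsProblems("http://localhost:3000", "http://localhost:8055",
  { "Access-Control-Allow-Origin": "*" }, cookie));
```

An empty result means the CORS headers and cookie attributes are not what keeps the cookie out of the request.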
I have spent a lot of time on cors. And I thought I had got it working (in the sense that no CORS errors show up) but CORS is the gift that keeps biting! Just to add, another console message during logout is a warning So I changed the code and wrapped the auth.logout in an auth.refresh. The result was My Error Code: logout refresh error Error: Invalid user credentials. So the refresh token doesn't seem to be anywhere?
I'm not sure if there are any other possibilities off the top of my mind, but try making sure there is no space (after commas) in your That being said, I do recommend joining our community Discord server and forwarding your question over there, so that other community members can help to further debug your current setup as well 👍
Useful comment on spaces in the cors origin value though not sure how that would cause the refresh token to be lost. Also normally if I have a cors problem then it shows up at Auth login.
So kept the directus app to Edge and my frontend to firefox. In both I see the directus_refresh_token. But I added an unnecessary auth.refresh to see the result, I get an invalid user credentials error. I commented out the refresh and tried auth.token and that does return the access token. So I am now getting a refresh token in the cookie but it does not appear to be accessible. Which leads me to a fundamental question. Is auth.refresh using the refresh value token in the cookie? Is it using the access token? Why is refresh giving invalid user credentials?
I have just upgraded to sdk 10.3.3 and a few of the problems have gone, e.g. the refresh invalid user messages.
Describe the Bug
Using the directus app, I log in, do stuff and then log out.
Using the browser console there are the following messages.
XHR POST http://localhost:8055/auth/logout
[HTTP/1.1 400 Bad Request 16ms]
GET http://localhost:8055/assets/5799c3db-c46a-4bd2-ab06-8d1e90f67ac7
[HTTP/1.1 403 Forbidden 15ms]
Easy enough to try and the messages can be expanded for more details. Should this happen?
To Reproduce
Just log into the directus app and then logout with the browser console open.
I looked at this because I get errors in a front end app when that logs out (using the sdk). They are different errors complaining about the refresh token which by default should be in json. (There is a difference between the sdk logout and the api logout; the latter has the refresh token as a param).
The code seems to have problems getting the token from json.
Hosting Strategy
Self-Hosted (Custom)