GitHub identity is persisted locally after log-out

[artaleks9]

Description

It seems logout from CHE doesn't include logout from GitHub.
The problem was detected in the beginning in the CRW (https://issues.jboss.org/browse/CRW-323)

Reproduction Steps

• User1 logs into CHE, performs authorization on his GitHub account, gets list of his projects and logs out from CHE
• User2 logs into CHE in the same browser window
• User2 can see and use the projects from User1 GitHub account

OS and version:
Environment: Openshift
7.0.0-rc-3.0-SNAPSHOT

Additional information:

• See video record:

[slemeur]

cc @vparfonov

[skabashnyuk]

@artaleks9 can you update the issue with the information about the environment that was used?

[skabashnyuk]

@ashumilova can you remind me what service dashboard is using to get a token? is this something from Che master side or it's communicating with Github directly?

[ashumilova]

@skabashnyuk It uses our API method /api/oauth/token?oauth_provider=github

[skabashnyuk]

@ashumilova As I can see GitHub token is cached in LocalStorage.

From your POV how this usecase should be handled?

[skabashnyuk]

BTW any manipulation of user with github link to his kyecloak account will not be visible until this item exists in cache I think.

[gorkem]

@ashumilova shouldn't logout clear all the LocalStorage?

[ashumilova]

It's whether not storing token in local storage(trying session storage), that is shared between user sessions, or adding additional data to differ user tokens. Not sure logout could be tracked in all use cases (expiration for example).