Logout support for external Revocation Endpoint #255
Comments
|
AppAuth does not currently officially support Logout, or any other user-agent endpoints other than authorization (the crash is WAI, as the method suggests it's only for authorization requests). You can implement something yourself though, as we do have some of the glue already to support generic external user-agent requests. You'd need to create a concrete implementation of Once you have those objects, which describes your logout request, and how you plan to handle any responses, create an instance of AppAuth-iOS/Source/OIDExternalUserAgent.h Lines 33 to 42 in a19bfb6 You could also see if there is a fork or PR that solves this for you. This issue tracker is only for merged features of AppAuth, so I am not commenting about that work here. |
WilliamDenniss
added
question
out-of-scope
|
Got it, thank you for the response and the suggestion! Very helpful! |
|
@bcary, this will very soon be in-scope now. You can try a complete Logout implementation in https://github.com/openid/AppAuth-iOS/tree/dev-logout (PR: #259) in fact I'm keen for you to try it and let me know if it works for you before we merge it in. |
WilliamDenniss
removed
the
out-of-scope
|
Awesome, I should be able to try it out before the end of the week! |
|
Cool! Did you try it out @bcary? I'm keen to learn how it worked out for you. |
|
I am also interested in logout functionality. Right now, when I try to log back in, it logs me in with the logged out user. Is this going to be a thing? |
|
@WilliamDenniss please correct me if I am wrong, I directed my pod to your in ios 11 Previously this is how I did logout: with dev-logout branch (I still couldn't completely figure out The old way and the new way works out fine, they both do logout fine. My actual question: Is there a way to logout and delete the cookies without prompting user to a logout page, like every other app/website does? Because iOS throws this annoying alertview says SIGN IN in the alert view, which is kinda of a big deal for my UX designer.
|
|
@bcary I also tried your implementation, but it doesn't work for me: - (void)logoutFromViewController:(UIViewController *)controller {
AppDelegate *appDelegate = (AppDelegate *)[[UIApplication sharedApplication] delegate];
[appDelegate.authState performActionWithFreshTokens:^(NSString *_Nonnull accessToken,
NSString *_Nonnull idToken,
NSError *_Nullable error) {
if (error) {
NSLog(@"Error fetching fresh tokens: %@", [error localizedDescription]);
[[NSNotificationCenter defaultCenter] postNotificationName:REFRESH_TOKEN_EXPIRED_NOTIFICATION object:nil];
}
else {
NSString *logoutURLString = [PayInTechAPIClient logoutEndpoint];
NSURL *logoutURL = [NSURL URLWithString:logoutURLString];
NSURL *redirectURI = [NSURL URLWithString:kRedirectURI];
OIDServiceConfiguration *config = [[OIDServiceConfiguration alloc] initWithAuthorizationEndpoint:logoutURL tokenEndpoint:logoutURL];
NSDictionary *additionarParams = @{@"id_token_hint": idToken};
OIDAuthorizationRequest *request = [[OIDAuthorizationRequest alloc] initWithConfiguration:config
clientId:[PayInTechAPIClient kClientID]
clientSecret:[PayInTechAPIClient kClientSecret]
scope:@"openid offline_access profile"
redirectURL:redirectURI
responseType:OIDResponseTypeCode
state:[OIDAuthorizationRequest generateState]
codeVerifier:[OIDAuthorizationRequest generateCodeVerifier]
codeChallenge:[OIDAuthorizationRequest generateCodeVerifier]
codeChallengeMethod:@"plain"
additionalParameters:additionarParams];
[OIDAuthorizationService presentAuthorizationRequest:request presentingViewController:controller callback:^(OIDAuthorizationResponse * _Nullable authorizationResponse, NSError * _Nullable error) {
NSLog(@"authorization response : %@", authorizationResponse);
NSLog(@"logout error : %@", error);
}];
}
}];
}Is there something I'm missing out? This is what I'm getting: What's your |
|
We ended up removing our dependency to AppAuth in favor of implementing the ROPC flow from our Identity Provider, which eliminated our need to visit an external Endpoint for any auth actions |
|
@danipralea issuer is our endpoint then in our identity 3 server we have so my both implementations end session url becomes |
|
Whenever I try to initiate logout by calling:
This is weird, as it seems that the viewcontroller which is deallocating is the one of AppAuth which I actually attempt to present. How to fix it? |
|
Figured it out. Result of the call must be persisted. This way it's presented fine. |
|
@WilliamDenniss I see that the library uses different APIs for authentication depending iOS version (SFSafariViewController in iOS 10, SFAuthenticationSession in iOS11 and ASWebAuthenticationSession is iOS 12 or newer). We were using older version of AppAuth and in order to log out we were initializing SFSafariViewController with our "endsession" endpoint, but now this doesn't work since session is not shared between Safari and ASWebAuthenticationSession. Any suggestion how to proceed with it? |
|
@ugenlik Did you manage to resolve this?
|
Have you find any way to logout and delete the cookies without promotion user ? |
Even I am getting Sign In alert for logout alert popup, any fixes please |
|
Hi , ITMS-90809: Deprecated API Usage - Apple will stop accepting submissions of apps that use UIWebView APIs . See https://developer.apple.com/documentation/uikit/uiwebview for more information. |
is there any news? thanks in advance |
|
@razan1994alali , @RanjeetStiga , @Hexfire I am not sure if anyone has still issues with log out. Fo our iOS >10 Here is steps how I log out from our Identity 3 and 4 servers. *Have this class in your project *Our Identity Servers has some modifications such as we have a *Construct a *Then init *Then call Full Function is: |
Hi @ugenlik , did you manage to get rid of the popup? |
|
Hi can i know did you, @ugenlik , managed to done the logout without the pop out alert? |
|
same problem here i got sign in dialog instead of logout information text when using |
|
Same problem |
|
Concerning the "sign in" alert: I think there is no real solution since this dialogue is presented by the system. So I guess there is no need to wait for people fixing that in the library - only Apple can do something here. As long as you have to end the session you built up with If you are just using this logout mechanism to prevent automatic logins with the previous user (resulting in an opening Browser which directly gets closed again) there is a way to prevent this. This would be something that would definitely make sense to be supported by the AppAuth lib. There should be a setting on the For any other case I think there is no real solution to this. If anyone can proof me wrong I would be happy. |
and others
Is your feature request related to a problem? Please describe.
During the logout process, I am invoking the authorize call (authStateByPresentingAuthorizationRequest in OIDAuthState) with the revocation endpoint. The browser opens, but since I do not receive an authorizationCode in return because its a logout action, the exception thrown on line 204 of OIDAuthorizationResponse crashes my app.
Describe the solution you'd like
I think there should be a configuration check to see if a logout action is being performed, in which case to return nil instead of throwing an uncaught exception.
Describe alternatives you've considered
I am not able to wrap the callback I send in with a try catch because this exception is thrown within the library, prior to the callback being invoked.
I have a fork of this library now that wraps the tokenExchangeRequest made from OIDAuthState in a try catch, and in turn invokes the callback with a nil authState
The text was updated successfully, but these errors were encountered: