AxaFrance / oidc-client

Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (compatible NextJS, etc.).
MIT License

How to logout without redirection #1286

Closed pavdev64 closed 7 months ago

pavdev64 commented 7 months ago

I'd like to log out the user without destroying the app state of the SPA, that is, without reloading or redirecting after requesting the end session endpoint.

The current logout flow

const { logout } = useOidc();
logout();

changes the URL or reloads the single-page application when used.

This can be hacked by code like this

const oidcClient = OidcClient.get();
oidcClient.publishEvent('logout_from_same_tab', {});
await (oidcClient as any)._oidc.destroyAsync('LOGGED_OUT');

// + custom logic to fetch the end session endpoint not following redirects

However, it is a bit hacky to use the internal _oidc property, since v. 6x added OidcClient and hid destroyAsync behind the OidcClient interface.

Would it be possible

Some ideas

const oidc = useOidc();

oidc.logout({ noReload: true }); // would contact the auth server by a fetch request and ignore the returned location change (redirect)

oidc.clientOnlyLogout(); // the same as above

oidc.silentLogout(); // the same as above

oidc.destroy(); // this would do all logout except contacting the auth server (could be used by the logout methods)

oidc.endSession(); // the same as above

Note: It may happen that CSP policies prevent rendering in an iframe, so the silent logout in iframe isn't the way.

guillaume-chervet commented 7 months ago

Hi @pavdev64 ,

Thank you for your issue. Yes, I think it is possible to add it, maybe this morning or next week.

guillaume-chervet commented 7 months ago

Hi @pavdev64, the latest version implements it by adding in extra no_reload:oidc=true

pavdev64 commented 7 months ago

This is awesome @guillaume-chervet. Just one line now, no hack is needed anymore. Thanks!

oidc.logout(null, { 'no_reload:oidc': 'true' });
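
The "custom logic to fetch the end session endpoint not following redirects" mentioned in the opening comment could look like the following. This is an added example, not code from oidc-client or from either commenter: the function names, the https check and the three outcome values are assumptions made here, and the query parameter names are those of OpenID Connect RP-Initiated Logout.

```javascript
// Added example; not oidc-client code. Function names are hypothetical.
// Query parameter names are from OpenID Connect RP-Initiated Logout 1.0.
function buildEndSessionUrl(endSessionEndpoint, { idTokenHint, clientId } = {}) {
  const url = new URL(endSessionEndpoint);
  // Added hardening (assumption): the id_token_hint travels in the URL,
  // so refuse to send it over plain http.
  if (url.protocol !== 'https:') {
    throw new Error('end_session_endpoint must use https');
  }
  // No post_logout_redirect_uri: the redirect is not followed anyway.
  if (idTokenHint) url.searchParams.set('id_token_hint', idTokenHint);
  if (clientId) url.searchParams.set('client_id', clientId);
  return url.toString();
}

// Calls the end session endpoint in the background and reports what the
// page could actually observe. fetchImpl is injectable for testing.
async function endSessionInBackground(endSessionEndpoint, hints, fetchImpl = fetch) {
  const url = buildEndSessionUrl(endSessionEndpoint, hints);
  try {
    const response = await fetchImpl(url, {
      method: 'GET',
      // The provider's session cookie is sent only if the browser's
      // cookie policy allows it on this cross-site request.
      credentials: 'include',
      redirect: 'manual', // do not follow the post-logout redirect
      cache: 'no-store',
    });
    // Browsers expose an unfollowed redirect as type "opaqueredirect".
    const answered = response.type === 'opaqueredirect' || response.ok;
    return { url, outcome: answered ? 'responded' : 'error_status' };
  } catch (err) {
    // Network or CORS failure: the page cannot tell whether the provider
    // ended the session, so do not report a completed sign-out.
    return { url, outcome: 'unknown' };
  }
}
```

An `unknown` or `error_status` outcome means the provider session may still be alive, so a later silent sign-in can succeed without credentials; local tokens should be cleared regardless of the outcome.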