search

AxaFrance / oidc-client

Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (compatible NextJS, etc.).
MIT License
597 stars 160 forks source link

Promise returned from logout will resolve even if the logout action was unsuccessful #470

Closed anied closed 2 years ago

anied commented 4 years ago

Issue and Steps to Reproduce

When using the react-oidc-context variant of the library, a call to the logout function returned from the useReactOidc() hook will resolve (as opposed to reject) if the logout fails.

To Reproduce

  1. Login to an application using react-oidc-context
  2. Logout in a manner that will cause the logout to fail (in my case, I kill the VPN so that the POST to the /revoke endpoint of our IDP will fail with a ERR_NAME_NOT_RESOLVED error)

Versions

react-oidc-core@3.0.9-alpha.0 for both react-oidc-context and react-oidc-core

Expected

The promise returned from logout() will reject, allowing the implementation to handle a failing condition in a .catch() block.

Actual

The promise returned from logout() resolves. Because the library logout exited early and there is no opportunity to manually clear the tokens from the UserStore, the application will remain in a logged in state.

Please let me know if there is more information needed to help understand this issue. Thanks, love the library.

guillaume-chervet commented 4 years ago

Hi @anied , thank you for your issue. We will fix it as soon as we can.

guillaume-chervet commented 2 years ago

Do you still have it in version 4 ? https://www.npmjs.com/package/@axa-fr/react-oidc-context It should work. Very sorry for the delay.

guillaume-chervet commented 2 years ago

Hi @anied , this is fixed in v5. Very sorry for the delay. I close the issue, feel free to reopen it if you need.