Open Ivan-Stashak-CardinalPeak opened 5 months ago
Did you achieve the promptless logout?
+1
TL;DR: Silent logout is not part of the OAuth 2.0 specification, so it is not explicitly supported.
It's important to remember that OAuth2 is a redirect-flow-based authorization framework. As such, it needs to redirect your browser to a URL that has access to the cookies that are stored under your IDP's domain in local storage. For security, browsers do not allow cross-domain access to local storage.
The OAuth2 specification extension RFC 7009 allows for a "revoke" endpoint.
2. Token Revocation Implementations MUST support the revocation of refresh tokens and SHOULD support the revocation of access tokens (see Implementation Note).
Which can revoke the refresh token at the IDP, but they are not required to support revocation of access tokens.
You can see the docs on how to revoke refresh tokens with this library here: https://commerce.nearform.com/open-source/react-native-app-auth/docs/usage/revoke
It may be possible to support silent logout if
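The RFC 7009 revocation call referred to in the reply above, as an added example that is not part of the thread or of react-native-app-auth: it builds the request and interprets the status codes the RFC defines. The endpoint URL, client id, token value and function names are assumptions.

```javascript
// Added example: RFC 7009 token revocation, request side and response side.
// Endpoint, client id and token values used with it are constructed placeholders.

// Build the form-encoded POST from RFC 7009 section 2.1.
// Assumption: a public (mobile) client that identifies itself with client_id in the body.
function buildRevocationRequest(endpoint, token, clientId, hint = 'refresh_token') {
  const url = new URL(endpoint);
  if (url.protocol !== 'https:') {
    throw new Error('revocation endpoint must use https');
  }
  const body = new URLSearchParams({ token, token_type_hint: hint, client_id: clientId });
  return {
    url: url.toString(),
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(), // percent-encodes "+", "/" and "=" found in opaque tokens
  };
}

// Interpret the reply per RFC 7009 section 2.2. Header names are expected lowercased.
function interpretRevocationResponse(status, headers = {}, bodyText = '') {
  // 200 covers both "revoked" and "token was already invalid": either way it is unusable.
  if (status === 200) return { revoked: true, retry: false };
  if (status === 503) {
    // The token must be assumed still valid. Retry-After may also be an HTTP date,
    // which is reported here as null rather than parsed.
    const delay = Number.parseInt(headers['retry-after'], 10);
    return { revoked: false, retry: true, retryAfterSeconds: Number.isNaN(delay) ? null : delay };
  }
  let error = 'unknown_error';
  try {
    error = JSON.parse(bodyText).error || error; // e.g. unsupported_token_type
  } catch (_) {
    // non-JSON error body: keep the generic code
  }
  return { revoked: false, retry: false, error };
}

// Send the request with an injected fetch-compatible function and report success only
// when the server confirmed it, so the caller keeps the token for a retry otherwise.
async function revokeRefreshToken(fetchImpl, endpoint, token, clientId) {
  const { url, ...init } = buildRevocationRequest(endpoint, token, clientId);
  const res = await fetchImpl(url, init);
  const headers = { 'retry-after': res.headers.get('retry-after') };
  return interpretRevocationResponse(res.status, headers, await res.text());
}
```

The request is a direct POST from the app rather than a browser redirect, so no dialog is shown; it invalidates the token only and does not touch the browser session held by the IDP.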
Issue
I'm using Microsoft Azure ActiveDirectory for my mobile app and am attempting to achieve silent (promptless) logout. I've set up a login_hint for my id token, but I'm unable to achieve a logout UX that prevents the popping of 2 dialogs - one for the user to acknowledge that the app wishes to use microsoftonline.com to Sign In and the second to choose the user to sign out.
Is promptless logout something that has been achieved with this library in react native?
In addition, the logout() method seems to log the user out as the Azure pop-up displays the message:
From here the pop-up dialog doesn't automatically dismiss, and I'm required to hit the 'Cancel' button in the top left corner in order to dismiss the dialog. This results in the logout() method returning the following error:
The operation couldn’t be completed. (org.openid.appauth.general error -3.)
I suspect that this may be due to my postLogoutRedirectUrl, which is:
'com.foo.mobile.unauth://oauth/'
Is this supposed to be an https URL? I used this form due to the need to use a similar redirect for login:
'com.foo.mobile.auth://oauth/'
Note, I have no issues with login. Everything returns successfully and the Azure dialog presents with a continue button for dismissing itself after successful auth.
Environment
iOS
react-native version: 0.71.4
react-native-app-auth version: 7.2.0