abpframework / abp

Open-source web application framework for ASP.NET Core! Offers an opinionated architecture to build enterprise software solutions with best practices on top of the .NET. Provides the fundamental infrastructure, cross-cutting-concern implementations, startup templates, application modules, UI themes, tooling and documentation.
https://abp.io
GNU Lesser General Public License v3.0

React-Native logout error /api/account/logout #18334

Closed nev-21 closed 5 months ago

nev-21 commented 8 months ago

Is there an existing issue for this?

Description

When clicking on the logout button, an error appears on the dotnet server:

'OpenIddictValidationAspNetCoreHandler' which cannot be used for SignOutAsync. 
The registered sign-out schemes are: Identity.Application, Identity.External, Identity.TwoFactorRememberMe, Identity.TwoFactorUserId, OpenIddict.Server.AspNetCore.
System.InvalidOperationException: The authentication handler registered for scheme 'OpenIddict.Validation.AspNetCore'
is 'OpenIddictValidationAspNetCoreHandler' which cannot be used for SignOutAsync.
The registered sign-out schemes are: Identity.Application, Identity.External, Identity.TwoFactorRememberMe, 
Identity.TwoFactorUserId, OpenIddict.Server.AspNetCore.


Reproduction Steps

  1. Create a new abp project with react native: abp new Test -u none -m react-native -d ef -dbms MySQL

  2. Run it: https://docs.abp.io/en/abp/latest/Getting-Started-React-Native?Tiered=No There is one additional step that is not mentioned in the tutorial (the port in Environment.js should match the dotnet port).

  3. Run dotnet, run react-native, and start the Android Studio virtual smartphone.

  4. Log in, then click logout (a toast error will appear, and the error is visible on the dotnet server too).

Expected behavior

No error should appear.

I think the purpose of /api/account/logout is to delete cookies in the browser, or am I wrong? So if react-native doesn't need cookies (because it is a mobile app) and it is doing password flow (ROPC), it should call revoke access-token instead of logout.

Actual behavior

An error appears on logout.

Regression?

No response

Known Workarounds

workaround:

The error appears when this code is executed: https://github.com/abpframework/abp/blob/7.4.2/templates/app/react-native/src/api/AccountAPI.js#L34-L38

I tried to replicate it in Postman, and the same error appears.

When I change the Authorization from Bearer to No-auth or Basic (with any data), the error disappears.

So the error appears because, in react native, the interceptor adds the access token to the Logout endpoint call. https://github.com/abpframework/abp/blob/7.4.2/templates/app/react-native/src/interceptors/APIInterceptor.js

The saga erases the token after logout is called; maybe erasing it before calling logout would make it work (but I don't know if that makes sense, because the logout endpoint is supposed to erase cookies, but it is a native app). https://github.com/abpframework/abp/blob/7.4.2/templates/app/react-native/src/store/sagas/AppSaga.js

Version

7.4.2

User Interface

React Native

Database Provider

EF Core (Default)

Tiered or separate authentication server

None (Default)

Operation System

Windows (Default)

Other information

The docs are strange too. They say react-native apps do auth-code flow, but the code says grant_type: 'password', so I think this should be clarified.

https://docs.abp.io/en/commercial/latest/getting-started-react-native#add-application-to-database

Since ABP version 7.4 react native uses [authorization code flow](https://datatracker.ietf.org/doc/html/rfc8252), 
you need to add an application to the database for the mobile application. 
ABP will create a client for the mobile application. 
You can use the DbMigrator project to add an application to the database. 
You can find the DbMigrator project in the aspnet-core/src/ProjectName.DbMigrator folder.

masumulu28 commented 5 months ago

Hi @nev-21, the commercial part is using authorization_code flow for now; we'll convert open source too. The document belongs to commercial, not open source.

This is the open source react native template document.

As far as I understand, you are using the open source template, not the pro template. I'm checking and will try to reproduce the error. I'll solve it in this issue.

masumulu28 commented 5 months ago

We'll change the auth method to authorization_code flow in the future. If you want to keep moving with password flow, this PR will solve your problem.
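
The behaviour reported in this thread, as an added JavaScript example (not code from the ABP template or from the fix PR): a request interceptor that leaves the bearer token off /api/account/logout, plus a sign-out that sends an RFC 7009 revocation request and always clears the local token. The function names, the in-memory token store, the client id and the revocation path are hypothetical placeholders, and it assumes the server exposes a revocation endpoint.

```javascript
// Added illustration; every name here is hypothetical, not from the ABP template.
const REVOCATION_PATH = '/REVOCATION_ENDPOINT_PLACEHOLDER'; // placeholder: your server's RFC 7009 endpoint
// Paths that must not carry "Authorization: Bearer ..." (logout path is from the issue).
const NO_BEARER_PATHS = new Set(['/api/account/logout', REVOCATION_PATH]);

// In-memory stand-in for the app's persisted token.
function createTokenStore(initial) {
  let token = initial;
  return { get: () => token, clear: () => { token = null; } };
}

// Request interceptor: attach the bearer token unless the path is excluded.
function attachBearer(store, request) {
  const headers = { ...(request.headers || {}) };
  const path = new URL(request.url, 'http://placeholder.invalid').pathname;
  const token = store.get();
  if (token && !NO_BEARER_PATHS.has(path)) {
    headers.Authorization = `Bearer ${token}`;
  }
  return { ...request, headers };
}

// RFC 7009 revocation request: form-encoded POST, public client sends client_id.
function buildRevocationRequest(token, clientId) {
  const body = new URLSearchParams({ token, token_type_hint: 'access_token', client_id: clientId });
  return {
    method: 'POST',
    url: REVOCATION_PATH,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Sign-out for a token-only (ROPC) client: revoke server-side if possible,
// and drop the local token even when the server call fails.
async function signOut(store, send, clientId) {
  const token = store.get();
  let revoked = false;
  try {
    if (token) {
      const res = await send(attachBearer(store, buildRevocationRequest(token, clientId)));
      revoked = res.status === 200;
    }
  } catch (_) {
    revoked = false; // offline or server error: token is still cleared below
  } finally {
    store.clear();
  }
  return revoked;
}
```

`send` is whatever HTTP function the app already uses (for example an axios instance's `request`); the boolean result tells the caller whether the token was revoked server-side or only discarded locally.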