aws-amplify / amplify-android

The fastest and easiest way to use AWS from your Android app.
https://docs.amplify.aws/lib/q/platform/android/
Apache License 2.0
247 stars 117 forks

Allow local signout to continue even if signout fails in hostedui webview #2842

Open tylerjroach opened 5 months ago

tylerjroach commented 5 months ago

Language and Async Model

Kotlin

Amplify Categories

Authentication

Gradle script dependencies

Not Relevant

Environment information

Not Relevant

Describe the feature request

There have been a few asks to allow the device credentials to be cleared even if hosted UI sign-out from the browser fails. This is primarily the case when the device does not have network.

The reason this has not been allowed is that it leaves the user signed in on the browser. Launching signInWithWebUI again would end up automatically signing in without presenting a login screen in the browser, since the previous credentials are still present in the browser. We should check if there is any possible way to force the login screen when relaunching the flow.

lokeshbhattarai commented 5 months ago

Thank you for adding this ticket. Super appreciate this.

  1. I have this use case in my app because the app supports a mix of offline and online data. The user is still able to play around with a bunch of screens and see the cached data when they are offline. So it's necessary to support sign-out when the user is offline.

  2. If I may, I wanna suggest that it would be wonderful if Amplify-Auth could support sign out without even displaying the browser (even if login was done via signInWithWebUI). Please let me know if it's already possible. This is more towards enhancing UX by supporting sign out without having to see the browser pop-up. I've worked on a couple of projects where the backend decides (due to business logic) that the user needs to re-authenticate on the app. We mostly intercept the HTTP response code behind the scenes and redirect the user to the login page. So it feels weird when the user is doing something but suddenly they see a pop-up for a few seconds and then jump to another screen. We add proper messaging to inform the user but still the flow doesn't quite feel seamless. It also becomes difficult if the API call was happening in the background and the app needs to silently sign out. There could be other scenarios that I'm missing. However, there may be another way to do this. I've used other Identity Provider SDKs that support custom options like prompt in OpenID Connect to be able to force the user to log in. This means the app can silently clear the app session and force the user to log in with signInWithWebUI without having to call signOut. So it would be great if Amplify Auth could support this.
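
The OpenID Connect `prompt` option raised in the comment above, sketched against the generic OIDC specification as an added example; it is not Amplify's code or API and does not come from either commenter. It builds an authorization request that asks for a fresh login and then checks the ID token's `auth_time`, which is how a client can tell that a leftover browser session was silently reused. The helper names, endpoint and client values are hypothetical, and whether a particular hosted UI honors `prompt=login` or `max_age` is an assumption.

```kotlin
import java.net.URLEncoder

// Hypothetical helpers for illustration; not part of amplify-android.

/** Builds an OIDC authorization request that asks the provider to re-prompt for credentials. */
fun buildReauthUrl(
    authorizeEndpoint: String, clientId: String, redirectUri: String,
    state: String, nonce: String, maxAgeSeconds: Long
): String {
    val params = linkedMapOf(
        "response_type" to "code",
        "client_id" to clientId,
        "redirect_uri" to redirectUri,
        "scope" to "openid",
        "state" to state,
        "nonce" to nonce,
        "prompt" to "login",                  // OIDC Core: do not reuse an existing session
        "max_age" to maxAgeSeconds.toString() // OIDC Core: provider must then return auth_time
    )
    return authorizeEndpoint + "?" + params.entries.joinToString("&") { (k, v) ->
        URLEncoder.encode(k, "UTF-8") + "=" + URLEncoder.encode(v, "UTF-8")
    }
}

/**
 * Returns true only if the ID token proves a recent interactive login.
 * Assumes `claims` comes from an ID token whose signature, issuer, audience
 * and nonce have already been validated.
 */
fun isFreshLogin(
    claims: Map<String, Any?>, nowEpochSeconds: Long,
    maxAgeSeconds: Long, skewSeconds: Long = 60
): Boolean {
    // A missing auth_time cannot prove re-authentication, so treat it as stale.
    val authTime = (claims["auth_time"] as? Number)?.toLong() ?: return false
    if (authTime > nowEpochSeconds + skewSeconds) return false // timestamp in the future
    return nowEpochSeconds - authTime <= maxAgeSeconds + skewSeconds
}

fun main() {
    // Constructed sample values; state and nonce must be random per request in real use.
    println(buildReauthUrl("https://idp.example.com/oauth2/authorize", "sample-client-id",
        "myapp://callback", "state-123", "nonce-456", 30))
    val now = 1_700_000_000L
    println(isFreshLogin(mapOf("auth_time" to now - 5), now, 30))      // user just logged in
    println(isFreshLogin(mapOf("auth_time" to now - 86_400), now, 30)) // day-old browser session reused
    println(isFreshLogin(emptyMap(), now, 30))                         // provider sent no auth_time
}
```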