aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0
9.44k stars 2.13k forks source link

Logout issue with Amplify 6 Single sign on #13987

Open deepu-iinerds opened 2 weeks ago

deepu-iinerds commented 2 weeks ago

Before opening, please confirm:

JavaScript Framework

Angular

Amplify APIs

Authentication, Storage

Amplify Version

v6

Amplify Categories

auth, storage

Backend

Other

Environment information

``` # Put output below this line System: OS: Linux 6.8 Ubuntu 24.04.1 LTS 24.04.1 LTS (Noble Numbat) CPU: (8) x64 Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz Memory: 4.13 GB / 15.38 GB Container: Yes Shell: 5.2.21 - /bin/bash Binaries: Node: 20.17.0 - ~/.nvm/versions/node/v20.17.0/bin/node npm: 10.8.2 - ~/.nvm/versions/node/v20.17.0/bin/npm Browsers: Chrome: 129.0.6668.58 npmGlobalPackages: @angular/cli: 18.2.8 corepack: 0.29.3 npm: 10.8.2 ```

Describe the bug

I am using confirmSignIn, signIn, signOut functions from aws-amplify/auth for login/logout of my application (Angular version 17.3.12 and Amplify v6.4.2). We are make use of the Single sign on since we have multiple angular applications. Also, using Cookie storage as the storage mechanism for the amplify library. We have multiple web applications which make use of a single login feature. User will be taken to one of the applications based on his configuration. Logout can be done from any applications using a common shared header that contain logout button, which uses our custom library.

Case 1: If I try to logout from the main application, it will successfully logout, and redirect to landing page

Case 2: If I try to logout from any of the redirected applications, no action is happening in the page. A request to https://cognito-idp.us-west-2.amazonaws.com is sent, and HTTP 200 is returned as response. The cookies are not getting cleared, and refreshing the page leads to landing page of the main application, which is the redirectUrl that we have given.

Expected behavior

While using Single sign on with my applications having same domain, expected to completely logout from all the linked applications

Reproduction steps

  1. Enable single sign on for multiple applications; say MainApp, ChildApp1, ChildApp2 etc.
  2. Login to MainApp
  3. Navigate to ChildApp1 [Use cookie storage to share the token and other auth informations] Try to logout from the ChildApp1.

Code Snippet

/* imports */
import { Component, NgZone, OnInit, inject } from '@angular/core';
import { DomSanitizer } from '@angular/platform-browser';
import { Router } from '@angular/router';
import { Hub } from "aws-amplify/utils";
import { confirmSignIn, signIn } from 'aws-amplify/auth';
import { getCurrentUser, signInWithRedirect } from "aws-amplify/auth";
import { MatDialog } from '@angular/material/dialog';
import { FormBuilder, FormControl, FormGroup, Validators } from '@angular/forms';
import { ActivatedRoute } from '@angular/router';

/* Login function */
async submitLogin() {
    try {
      let uname:String = this.loginForm.get('username').value;
      let pwd:String = this.loginForm.get('password').value;
      if (!uname || !pwd) {
        this.errorMessage="Username/Password cant be blank!";
      }else{
      const { nextStep } = await signIn({
        username: this.loginForm.get('username').value,
        password: this.loginForm.get('password').value
      })
      this._loaderSer.requestEnded();
      if (nextStep.signInStep === "CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED") {
        const dialogRef = this.dialog.open(PasswordDialogComponent, {
          width: '350px', disableClose: true
        });
        dialogRef.afterClosed().subscribe(result => {
          if (result) {
            this.passwordRepeat = result.password;
            this.confirmPassword = result.confirmPassword;
+        confirmSignIn({challengeResponse: this.confirmPassword});
          }
        });       

      }else if (nextStep.signInStep === "DONE") {

      }
    }
    } catch (error) {
      this._loaderSer.requestEnded();
      this.errorMessage = error.message || 'Login failed';
      console.log('Error during login:', error);
    }
  }

/* Logout function */
 onLogoutClick() {
        signOut({ global: true, oauth: { redirectUrl: this._ser.signOutUrl } })
            .then(data => console.log(data))
            .catch(err => {
            console.log(err);
            signOut({ global: true, oauth: { redirectUrl: this._ser.signOutUrl } });
        });
    }

Log output

``` // Put your logs below this line ```

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

ashika112 commented 2 weeks ago

@deepu-iinerds While we work on investigating further here, couple of followups here,

  1. Can you confirm all the logins app configured for SSO is on same domain?
  2. Is you application a Multi-page application by any chance? If yes, have you looked and followed through this documentation?
  3. To look closer into this, Could you share your cookie storage implementation?
cwomack commented 1 week ago

@deepu-iinerds, following up with another ping to see if you can answer the questions above. Let us know if you're still blocked here. Thanks!