FR (Authenticator): Support global sign-out

aws-amplify / amplify-ui

Amplify UI is a collection of accessible, themeable, performant React (and more!) components that can connect directly to the cloud.

https://ui.docs.amplify.aws

Apache License 2.0

919 stars 297 forks source link

FR (Authenticator): Support global sign-out #238

Open ericclemmons opened 4 years ago

ericclemmons commented 4 years ago

Is your feature request related to a problem? Please describe.

UI components don't allow for passing in arguments to the Auth.signIn and Auth.signOut calls:

Describe the solution you'd like

Investigate declarative solutions, similar to https://github.com/aws-amplify/amplify-js/pull/5443 & https://github.com/aws-amplify/amplify-js/pull/4185:

<amplify-sign-out global />

Describe alternatives you've considered

Calling Auth.signOut({ global: true }), but it's not declarative.

Additional context

If https://github.com/aws-amplify/amplify-js/pull/4185 is merged, then @aws-amplify/ui-angular lacks parity.

Jun711 commented 4 years ago

@ericclemmons I tried to use Auth.signOut({ global: true }) for a linked google account logout but I got this error from https://cognito-idp.us-east-1.amazonaws.com/ request.

Access Token does not have required scopes

Screen Shot 2020-06-30 at 1 12 35 PM

Could you tell me how to set up the scope for this?

This is what I have in my Cognito app client settings Screen Shot 2020-06-30 at 1 16 06 PM

It is not mentioned in the these documents https://docs.amplify.aws/lib/auth/emailpassword/q/platform/js#re-send-confirmation-code https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html

ericclemmons commented 3 years ago

Since we provide a signOut() method in @next, this method should support passing options:

<button onClick={() => signOut({ global: true })>Sign Out</button>

which gets passed to:

services: {
  signOut(context, event) {
    Auth.signOut(event.data);
  }
}

ericclemmons commented 3 years ago

Turns out this is harder to do than anticipated because the signOut actor only receives an xstate.init event, not the actual data from sendToMachine('SIGN_OUT').

De-scoping from the GA release so that we can investigate the following:

Remove signOut actor in favor of simpler invoke flow.
Ensure signOut route still exists and is returned for headless usage.

ericclemmons commented 1 year ago

Need me to pick this one up? ;)