israx / hello-world


unable to signout from second app #26

Open israx opened 2 months ago

israx commented 2 months ago

Before opening, please confirm:

JavaScript Framework

Next.js

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

auth

Backend

Amplify Gen 2 (Preview)

Environment information

``` # Put output below this line ```

Describe the bug

I'm using Amplify v6 to authenticate into 2 different subdomains. Both apps are able to authenticate as they share the same set of tokens. However, when I try to signOut from App 2, the app clears tokens but the Cognito session is still active.

Expected behavior

being able to log out from app 2

Reproduction steps

  1. log in from subdomain 1
  2. redirect to subdomain 2
  3. logout from subdomain 2

Code Snippet

// Put your code below this line.

Log output

``` // Put your logs below this line ```

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

israx commented 2 months ago

{ "response": "Based on the information provided, it appears that you're experiencing an issue with signing out from one of your subdomains while using Amplify v6 for authentication across multiple apps. This is a common issue when dealing with shared authentication across different domains or subdomains. To resolve this, you can use the signOut API with specific options to ensure a global sign-out. Here's a workaround:

  1. In your App 2 (the subdomain where you're trying to sign out), modify your sign-out function to use the following code:

```js
import { signOut } from 'aws-amplify/auth';

async function handleSignOut() {
  try {
    await signOut({
      global: true,
      oauth: {
        redirect: 'https://your-app2-subdomain.example.com/signout',
      },
    });
  } catch (error) {
    console.error('Error signing out:', error);
  }
}
```

  2. Make sure to replace 'https://your-app2-subdomain.example.com/signout' with the actual URL of your App 2's sign-out page.

  3. The global: true option ensures that the user is signed out from all devices and all apps sharing the same Cognito User Pool.

  4. The oauth.redirect option specifies where to redirect after the sign-out process is complete. This is important to prevent any 'InvalidRedirectException' errors.

This workaround should resolve the issue by ensuring a complete sign-out across all apps and clearing the Cognito session. If you're still experiencing issues after implementing this solution, please provide more details about your Amplify configuration and the exact behavior you're observing after attempting to sign out.", "type": "WORKAROUND" }

israx commented 2 months ago

{ "response": "Based on the information provided, it appears you're experiencing an issue with logging out from a second subdomain while using Amplify v6 for authentication across multiple subdomains. This is a common issue when dealing with shared authentication across different domains or subdomains.

To resolve this issue, you can override the redirectSignOut URI via the signOut API. Here's a workaround:

  1. In your App 2 (the subdomain where you're trying to log out), modify your signOut function as follows:

```js
import { signOut } from 'aws-amplify/auth';

async function handleSignOut() {
  try {
    await signOut({
      global: true,
      oauth: {
        redirect: 'https://app2.yourdomain.com/signout', // Replace with your actual subdomain
      },
    });
  } catch (error) {
    console.error('Error signing out:', error);
  }
}
```

  2. Make sure to replace 'https://app2.yourdomain.com/signout' with the actual URL of your second subdomain's signout page.

  3. The global: true option ensures that the user is signed out from all devices and browsers, not just the current session.

  4. The oauth.redirect option specifies where to redirect after the signout process is complete. This should match one of the sign-out URLs you've configured in your Cognito User Pool.

This workaround should resolve the issue by ensuring that the Cognito session is properly terminated when logging out from the second subdomain. The custom redirect URL helps Amplify match the current window URL with the allowed sign-out URLs, preventing any InvalidRedirectException errors.

Remember to update your Cognito User Pool settings to include this sign-out URL if you haven't already done so.", "type": "WORKAROUND" }

israx commented 2 months ago

{ "response": "Based on the information provided, it appears you're experiencing an issue with signing out from one of two subdomains using Amplify v6. This is a known behavior when dealing with multiple apps sharing the same authentication. To resolve this, you need to implement a global sign-out strategy. Here's a workaround:

  1. In your sign-out function for App 2, use the signOut method with the global option set to true. This will ensure that the Cognito session is terminated across all apps.

  2. Additionally, you should specify the oauth.redirect URL to ensure proper redirection after sign-out.

Here's an example of how to implement this:

```js
import { signOut } from 'aws-amplify/auth';

async function handleSignOut() {
  try {
    await signOut({
      global: true,
      oauth: {
        redirect: 'https://app2.yourdomain.com/signout',
      },
    });
    // Handle successful sign-out (e.g., redirect to login page)
  } catch (error) {
    console.error('Error signing out:', error);
  }
}
```

Make sure to replace 'https://app2.yourdomain.com/signout' with the actual URL you want to redirect to after signing out from App 2.

This approach should resolve the issue by ensuring that the Cognito session is terminated globally, affecting both subdomains, while also handling the redirect properly for App 2.", "type": "WORKAROUND" }

israx commented 2 months ago

"

israx commented 2 months ago

Type: WORKAROUND

Response: Based on the information provided, it appears you're experiencing an issue with signing out from one of your subdomains while using Amplify v6 for authentication across multiple apps. This is a common scenario when dealing with shared authentication across different domains or subdomains. The problem occurs because the Cognito session remains active even after signing out from one app.

To resolve this issue, you can implement a workaround using the signOut API from Amplify v6. Here's a step-by-step solution:

  1. First, make sure you're using the latest version of Amplify v6 in both of your apps.

  2. In your App 2 (the app where you're trying to sign out), modify your sign-out function to use the following code:

```js
import { signOut } from 'aws-amplify/auth';

async function handleSignOut() {
  try {
    await signOut({
      global: true,
      oauth: {
        redirect: 'https://your-app2-subdomain.example.com/signout',
      },
    });
    // Handle successful sign-out (e.g., redirect to login page)
  } catch (error) {
    console.error('Error signing out: ', error);
  }
}
```

  3. Replace 'https://your-app2-subdomain.example.com/signout' with the actual URL of your App 2's sign-out page or where you want to redirect after signing out.

  4. Ensure that the redirect URL you specify here is also listed in the "Sign out URL(s)" field in your Cognito User Pool settings under "App integration" > "App client settings".

This solution works because:

By implementing this workaround, you should be able to successfully sign out from App 2, which will clear the Cognito session and effectively log the user out of both applications.

Remember to test this solution thoroughly in your development environment before deploying to production. If you encounter any issues or need further assistance, please don't hesitate to ask for more help.

israx commented 2 months ago

Based on the information provided, it appears you're experiencing an issue with signing out from multiple subdomains using Amplify v6. This is a common issue when dealing with authentication across different subdomains. Here's a workaround to address this problem:

  1. In your App 2 (the subdomain where you're trying to sign out), modify your signOut function to include the global and oauth options. Here's an example:

```js
import { signOut } from 'aws-amplify/auth';

async function handleSignOut() {
  try {
    await signOut({
      global: true,
      oauth: {
        redirect: 'https://your-app2-subdomain.com/signout',
      },
    });
  } catch (error) {
    console.error('Error signing out: ', error);
  }
}
```

  2. Make sure to replace 'https://your-app2-subdomain.com/signout' with the actual URL of your App 2's signout page.

  3. The global: true option ensures that the user is signed out from all devices and browser tabs.

  4. The oauth.redirect option specifies where to redirect after the signout process is complete. This is crucial for handling the signout across subdomains.

  5. Implement this signOut function in your App 2 wherever you trigger the logout process (e.g., in a logout button click handler).

This workaround should resolve the issue by ensuring that: a) The Cognito session is properly terminated (global signout). b) The redirect is handled correctly for your specific subdomain.

If you're still experiencing issues after implementing this workaround, you may need to check your Cognito User Pool settings to ensure that the logout URLs for both subdomains are properly configured.
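
An added example, not code from this issue or from the Amplify project: the comments above pass a per-subdomain `oauth.redirect` that has to be one of the app client's registered sign-out URLs. The sketch below picks the registered URL that matches the current origin and builds the Cognito hosted UI `/logout` request with it, rejecting any redirect that is not registered. The helper names, domains and client id are assumptions made for illustration.

```javascript
// Added example; every value here is constructed, none come from the issue.
// pickSignOutRedirect and buildHostedUiLogoutUrl are hypothetical helper names.

// Sign-out URLs as registered on the Cognito app client (constructed sample).
const ALLOWED_SIGN_OUT_URLS = [
  'https://app1.example.com/signout',
  'https://app2.example.com/signout',
];

// Choose the registered sign-out URL whose origin equals the current app's origin.
// Returns null when the current origin has no registered entry, so a look-alike
// host (for example a longer hostname with the app's name as a prefix) never matches.
function pickSignOutRedirect(currentHref, allowed = ALLOWED_SIGN_OUT_URLS) {
  let origin;
  try {
    origin = new URL(currentHref).origin;
  } catch {
    return null; // not an absolute URL
  }
  for (const candidate of allowed) {
    if (new URL(candidate).origin === origin) return candidate;
  }
  return null;
}

// Build the hosted UI /logout request. logout_uri must exactly equal a
// registered sign-out URL, so anything else is refused before redirecting.
function buildHostedUiLogoutUrl(hostedUiDomain, clientId, redirect,
                                allowed = ALLOWED_SIGN_OUT_URLS) {
  if (!allowed.includes(redirect)) {
    throw new Error(`redirect not registered as a sign-out URL: ${redirect}`);
  }
  const url = new URL(`https://${hostedUiDomain}/logout`);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('logout_uri', redirect);
  return url.toString();
}
```

The value returned by `pickSignOutRedirect(window.location.href)` is what would be passed as `oauth.redirect` in the `signOut` calls shown in the comments.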