search

okta / okta-oidc-js

okta-oidc-js
https://github.com/okta/okta-oidc-js
Other
395 stars 232 forks source link

Calling logout() on a logged out user doesn't complete #446

Open MarcusChamberlain opened 5 years ago

MarcusChamberlain commented 5 years ago

I'm submitting this issue for the package(s):

I'm submitting a:

Current behavior

When calling logout() in okta.service the first time, it successfully logs out the user and redirects to a custom url. However, if the user is not logged in and logout() is called again, it appears to get stuck. I can't be certain where it's getting stuck since I'm poking around dist files, but I believe it's:

await this.oktaAuth.signOut();

which never completes. While it may seem odd to logout an already logged out user, this can happen if a user has two tabs open and logs out from one tab and then clicks logout again in the second tab. In our specific case, the user signs out in one tab but then click a submit button in the second, which returns a 403 from our backend API. When we encounter a 403, we call logout() in the okta service, but this never completes.

Expected behavior

If the user is already logged out, the .signOut() call should still complete and attempt to clear their credentials, even if they have already been cleared, then redirect to the specified url.

Minimal reproduction of the problem with instructions

Download and run the sample app from here. Open two tabs - click logout in the first tab, then the second. The second never resolves. To make it more obvious, you can try setting a logout url to something like "/foo".

mraible commented 5 years ago

I haven't had this issue and I just published a new tutorial that uses our Angular SDK yesterday. It might be an issue in the sample more than the SDK.

swiftone commented 5 years ago

I've been able to duplicate this issue in react - it falls back to okta-auth-js and a call to DELETE /sessions/me that 404s. (Though I used session expiration, I believe the same response occurs if the user is already logged out). I'm chasing that issue currently and will revisit this issue to see if the same fix applies.