okta / okta-oidc-xamarin

Okta OIDC SDK for Xamarin
https://github.com/okta/okta-oidc-xamarin
Apache License 2.0

How to pass token to OktaContext.Current.RevokeAsync method #43

Closed PBhuva closed 3 years ago

PBhuva commented 3 years ago

Hello Team,

We are trying out the stable version of the Okta SDK, i.e. okta.Xamarin (1.0.0). We are able to log in successfully and get all the tokens like access token, refresh token, and ID token.

For our logout use case we tried OktaContext.Current.RevokeAsync(TokenKind.AccessToken); but after the Revoke method completes, if we check the status of the token in the introspect API, we can still see the token in the active state.

Current behavior

- Login using OktaContext.Current.RevokeAsync(TokenKind.AccessToken); method
- Check the token status in introspect
- Access token state is shown as "active": true,

Expected behavior

- Login using OktaContext.Current.RevokeAsync(TokenKind.AccessToken); method
- Check the token status in introspect
- Access token state should be shown as "active": false,

Environment

bryanapellanes-okta commented 3 years ago

@PBhuva, Thanks for bringing this to our attention! I will add an item to our backlog for review; it will need to be prioritized against other work. However, I will take a quick look to see if there is a way to quickly unblock you.

bryanapellanes-okta commented 3 years ago

@PBhuva, To help me reproduce what you are seeing, can you share minimal code that illustrates the problem that occurs?

PBhuva commented 3 years ago

@bryanapellanes-okta I have updated the Sample at https://github.com/PBhuva/OktaRenewAsyncSample and added a new button, RevokeToken. To reproduce the issue, click the Login button and, once the login is completed, click the RevokeToken button. Check the status of the access token received in the Login response using the v1/introspect API in Postman. The status of the access token is still shown as active.

Please comment out the code below in the OnLogin method to check this scenario:

    await OktaContext.Current.RenewAsync(false, OktaContext.Current.OktaConfig.AuthorizationServerId);

    OktaContext.Current.RenewCompleted += (sender1, args1) =>
    {
        RenewEventArgs renewEventArgs = args1;
        IOktaStateManager oktaStateManager1 = renewEventArgs.StateManager;
    };

bryanapellanes-okta commented 3 years ago

@PBhuva, Due to other priorities I won't be able to review this right away. I'll comment here when there is additional information to share. I apologize for the inconvenience.

bryanapellanes-okta commented 3 years ago

@PBhuva, I'm trying to run the sample you provided and am experiencing a number of issues with the configuration; I am unable to debug your project for some reason. Please confirm what Android version you are compiling with and what device version (whether virtual emulator or physical) you are using to debug. I will continue to investigate. Thanks!

PBhuva commented 3 years ago

@bryanapellanes-okta This sample is for iOS and we are using an iPhone 6 Plus with OS version 12.4.9. Also, please change the iOS configuration in OktaConfig.xml and info.plist.

bryanapellanes-okta commented 3 years ago

> @bryanapellanes-okta This sample is for iOS and we are using an iPhone 6 Plus with OS version 12.4.9. Also, please change the iOS configuration in OktaConfig.xml and info.plist.

Thanks for the clarification. I hope to have more soon.

bryanapellanes-okta commented 3 years ago

@PBhuva, Quick update, it looks like the revoke and renew implementations are not complete due to limited data on expected usage. I am in the process of updating the implementation to be more in line with expected behavior. The next release branch is found here: https://github.com/okta/okta-oidc-xamarin/tree/release-v2.0.0

This also affects: https://github.com/okta/okta-oidc-xamarin/issues/42

bryanapellanes-okta commented 3 years ago

It turns out that there was a bug in the Revoke and Renew implementations; this has been corrected in the v2 release: https://github.com/okta/okta-oidc-xamarin/pull/48

v2 is available on nuget.org.

PBhuva commented 3 years ago

@bryanapellanes-okta The RevokeAsync method does not revoke the token if we use an AuthorizationServerId other than "default". Also, is there a way to pass a token to the OktaContext.Current.RevokeAsync method?

bryanapellanes-okta commented 3 years ago

> @bryanapellanes-okta The RevokeAsync method does not revoke the token if we use an AuthorizationServerId other than "default". Also, is there a way to pass a token to the OktaContext.Current.RevokeAsync method?

@PBhuva I've opened issue #54 to address the issue. The authorizationServerId value is not correctly retrieved from the configuration where appropriate. This is a bug that I'll fix for inclusion in the next release.

I'll also review for inclusion of a method override that allows you to specify the token.
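
An added example (not from the thread and not the SDK's code) of the check described in this issue: revoke an access token over HTTP, then confirm the result by introspecting it at the authorization server that issued it. It assumes a public PKCE client that authenticates with `client_id` only; the domain, client ID, token and server ID values passed in are placeholders, and `FakeOkta` is a constructed stand-in for the HTTP layer so the logic can run offline.

```python
import json
import urllib.parse
import urllib.request

def endpoint(domain, auth_server_id, operation):
    """URL of an OAuth endpoint; an empty auth_server_id selects the org authorization server."""
    prefix = f"/oauth2/{urllib.parse.quote(auth_server_id, safe='')}" if auth_server_id else "/oauth2"
    return f"https://{domain}{prefix}/v1/{operation}"

def post_form(url, form):
    """Real transport: POST a form, return (status, parsed JSON body or {})."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(),
                                 headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = resp.read()
        return resp.status, (json.loads(body) if body else {})

def revoke_and_verify(domain, client_id, token, issuing_server_id,
                      revoke_server_id=None, post=post_form):
    """Revoke an access token, then introspect it at the server that issued it.
    Returns True only when introspection reports "active": false."""
    if revoke_server_id is None:
        revoke_server_id = issuing_server_id
    form = {"token": token, "token_type_hint": "access_token", "client_id": client_id}
    status, _ = post(endpoint(domain, revoke_server_id, "revoke"), form)
    if status != 200:
        raise RuntimeError(f"revoke failed with HTTP {status}")
    # RFC 7009: revoke also answers 200 for a token the server does not recognise,
    # so the status code alone does not prove the token is dead.
    _, claims = post(endpoint(domain, issuing_server_id, "introspect"), form)
    return claims.get("active") is False

class FakeOkta:
    """Constructed stand-in for the HTTP layer: one token issued by one server."""
    def __init__(self, issuing_server_id, token):
        self.issuer, self.token, self.active = issuing_server_id, token, True
    def __call__(self, url, form):
        server, operation = url.split("/oauth2", 1)[1].rsplit("/v1/", 1)
        known = server.lstrip("/") == self.issuer and form["token"] == self.token
        if operation == "revoke":
            self.active = self.active and not known
            return 200, {}
        return 200, {"active": known and self.active}
```

Passing a `revoke_server_id` that differs from the issuing server shows why a successful revoke call still has to be confirmed with introspection.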