okta / okta-sdk-appauth-android

okta-sdk-appauth-android
https://github.com/okta/okta-sdk-appauth-android
Apache License 2.0
29 stars 19 forks

Version 0.2.1 Login and Logout Don't work in Conjunction #86

Open davidhartley opened 5 years ago

davidhartley commented 5 years ago

I've been trying to get version 0.2.1 logout (signOutFromOkta) working and I've run into troubles. Is this supposed to be working in this version?

Here are my two trouble cases:

  1. The user is not logged in. In this case, the user logs in (successfully). When they go to log out, the browser instead sends them through the login process again, automatically passing them forward to the logged-in activity again. It appears to never reach the logged-out redirect.
  2. The user is logged in, then clears the browser cache. The user is able to log out (successfully). However, when they go to log in again, it instead sends them to the logout route and they are unable to log in again. It appears to never reach the logged-in redirect.

Fei-Chen- commented 5 years ago

Are you testing with the sample? I have seen the first issue with the sample. The sample doesn't show logout functionality properly. It does a logout in the browser to clear the cache, but it doesn't revoke and clear the tokens in the app. So when it redirects back to the application, it still has valid tokens. The sample should revoke and clear the tokens if end session completes.

I have not tried the second case but from the description it looks like another issue with the sample.

davidhartley commented 5 years ago

This is using our organization's app, not the sample.

I've tried using the revoke token and clearSession as well but it doesn't seem to affect this situation. I'm not convinced that sign out is in working order. I don't see anything in the documentation about the process other than the signOutFromOkta method.

It looks like the wrong completion intent is hung onto by Okta in login/logout and gets sent depending on which one is called first. For example, if I log in successfully, then log out, the completion intent for login is called instead of the one provided for logout. But if I hard close the app and start from the logged in state, logging out works OK, but login does not. Seems to be a bug though it's hard to tell if that's the only problem.

Fei-Chen- commented 5 years ago

The issue is with OktaAppAuth using an application context to start the logout process. This should never work, but for some odd reason it worked sometimes on different devices. I've submitted a fix. You have to pass in the Activity context in init.

davidhartley commented 5 years ago

That's not the case - I am passing an Activity context in init.

Fei-Chen- commented 5 years ago

Yes, the app may be passing in the Activity context, but the constructor in OktaAppAuth is calling getApplicationContext():

protected OktaAppAuth(Context context) {
    // Keeps the application context, not the Activity the caller passed in
    mContext = context.getApplicationContext();
}

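Added illustration for the two points raised in this thread (tokens that stay valid after a browser-only logout, and launching the browser from an application context instead of the Activity that receives the redirect). This is not code from okta-sdk-appauth-android; SessionController, RevocationClient, the preference keys and the end-session URI are hypothetical names chosen for the example.

```java
import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.net.Uri;
import java.lang.ref.WeakReference;

// Added illustration, not SDK code. Every name below is hypothetical.
public final class SessionController {
    private static final String PREFS = "example_token_store";
    private static final String KEY_ACCESS = "access_token";
    private static final String KEY_REFRESH = "refresh_token";

    // Long-lived state (token storage) belongs on the application context ...
    private final Context appContext;
    // ... but the browser must be launched from the Activity that will receive
    // the redirect; it is held weakly so the controller cannot leak it.
    private final WeakReference<Activity> host;

    public SessionController(Activity activity) {
        this.appContext = activity.getApplicationContext();
        this.host = new WeakReference<>(activity);
    }

    /** Defective pattern discussed in the thread: the end-session page is opened
     *  from the application context, so the redirect back has no relationship
     *  to the Activity that asked for the sign-out. */
    public void signOutViaApplicationContext(Uri endSessionUri) {
        Intent browse = new Intent(Intent.ACTION_VIEW, endSessionUri);
        browse.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); // mandatory outside an Activity
        appContext.startActivity(browse);
    }

    /** Corrected form: launch from the live Activity, or refuse if it is gone. */
    public boolean signOut(Uri endSessionUri) {
        Activity activity = host.get();
        if (activity == null || activity.isFinishing()) {
            return false; // nothing can receive the redirect, so do not start the flow
        }
        activity.startActivity(new Intent(Intent.ACTION_VIEW, endSessionUri));
        return true;
    }

    /** Run when the end-session redirect arrives. A browser logout only clears
     *  the browser's session; the tokens cached in the app stay valid until
     *  they are revoked at the server and removed locally. */
    public void onEndSessionCompleted(RevocationClient revoker) {
        SharedPreferences prefs = prefs();
        String refresh = prefs.getString(KEY_REFRESH, null);
        String access = prefs.getString(KEY_ACCESS, null);
        // Revoke the refresh token first: it is the credential that can mint new access tokens.
        if (refresh != null) revoker.revoke(refresh);
        if (access != null) revoker.revoke(access);
        prefs.edit().clear().apply(); // local state now agrees with the server
    }

    /** What the app should consult before deciding to show the logged-in screen. */
    public boolean hasLocalSession() {
        return prefs().contains(KEY_ACCESS) || prefs().contains(KEY_REFRESH);
    }

    private SharedPreferences prefs() {
        return appContext.getSharedPreferences(PREFS, Context.MODE_PRIVATE);
    }

    /** Abstraction over an OAuth 2.0 token revocation endpoint (RFC 7009). */
    public interface RevocationClient {
        void revoke(String token);
    }
}
```

If the browser logout completes but onEndSessionCompleted is never run, hasLocalSession() still returns true, which is exactly the bounce straight back to the logged-in screen described in the first trouble case.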
davidhartley commented 5 years ago

This appears to still be an issue in version 0.2.2 - logout and login work independently, but if you try to do one then the other, it sends you to the wrong completion intent.

FeiChen-okta commented 5 years ago

Hi David,

I suspect it is something to do with OktaManagementActivity saving and restoring instance state. It is probably extracting the instance state from the old instance so the completion intent is wrong. I'll investigate further and put in a fix if this is the case.