Open cgkronos opened 1 year ago
I've tried
let appDelegate = UIApplication.shared.delegate as! AppDelegate
appDelegate.oauth2?.forgetClient()
appDelegate.oauth2 = OAuth2CodeGrant(settings: OAuthParams)
appDelegate.oauth2!.authConfig.authorizeContext = KronosWebsite?.window // KronosWebsite is the WKWebView
runOauth()
and I've this in the console
[Debug] OAuth2: Forgetting client credentials and removing them from keychain
[Warn!] OAuth2: Failed to delete credentials from keychain: Error Domain=swift.keychain.error Code=-25300 "(null)"
I'm no expert at this and haven't used forgetClient(), but I use these as some sites drop a cookie (you can print out the cookies to check whether it's this):
oauth2.forgetTokens()
HTTPCookieStorage.shared.cookies?.forEach() { HTTPCookieStorage.shared.deleteCookie($0) }
_ = WKWebsiteDataStore.default().httpCookieStore // Flush the cache
Btw, you can look up error codes like -25300 at https://osstatus.com/search/results?platform=all&framework=all&search=-25300
Thanks for your answer, but cleaning cookies before runOauth does not seem to fix the issue. I will continue to dig.
EDIT: now the previous errors are gone. I don't know why the OAuth process restarts without requiring user credentials; in the console I see this:
[Debug] OAuth2: Handling redirect URL kronos://oauth/callback?code=0d8308c0e3b89d79d2109ecbf385a7100c9bd8c9&state=7757EC5E
[Debug] OAuth2: Adding “client_id” and “client_secret” to request body
[Debug] OAuth2: Exchanging code 0d8308c0e3b89d79d2109ecbf385a7100c9bd8c9 for access token at ***
[Debug] OAuth2: Did exchange code for access [true] and refresh [true] tokens
It seems that some info is stored somewhere but I don't know where
EDIT2: I've also added this
let secItemClasses = [kSecClassGenericPassword,
                      kSecClassInternetPassword,
                      kSecClassCertificate,
                      kSecClassKey,
                      kSecClassIdentity]
for secItemClass in secItemClasses {
    let dictionary = [kSecClass as String: secItemClass]
    SecItemDelete(dictionary as CFDictionary)
}
I've found attributes keychainAccountForClientCredentials and keychainAccountForTokens, maybe I need to delete data from these accounts, is this possible and if it is how?
I'm not sure about the attributes you just listed (I do override keychainServiceName and assureCorrectBearerType) but I went through similar debugging to get things going in my case. The things I did were: set breakpoints and do some debugging in the OAuth2 library, call oauth2.forgetTokens() and remove the cookies, then restart my app without going through the auth code, and most importantly use the system Keychain Access utility to monitor what is going into the keychain.
Be sure to let us know what you learn.
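An added example, not code from this thread or from the OAuth2 library: a keychain cleanup scoped to one service and account instead of deleting every keychain class, which reports the -25300 seen above (errSecItemNotFound, nothing was stored) separately from real failures. The service and account strings are constructed placeholders; substitute the values your OAuth2 instance uses for keychainServiceName, keychainAccountForClientCredentials and keychainAccountForTokens.

```swift
import Foundation
import Security

enum KeychainDeleteResult: Equatable {
    case deleted
    case nothingStored        // errSecItemNotFound, the -25300 in the log above
    case failed(OSStatus)
}

// Base query: generic-password items of ONE service, never a whole class.
func itemQuery(service: String, account: String? = nil) -> [String: Any] {
    var q: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
                            kSecAttrService as String: service]
    if let account = account { q[kSecAttrAccount as String] = account }
    return q
}

// Delete one service/account pair and classify the OSStatus.
func deleteItem(service: String, account: String) -> KeychainDeleteResult {
    let status = SecItemDelete(itemQuery(service: service, account: account) as CFDictionary)
    switch status {
    case errSecSuccess:      return .deleted
    case errSecItemNotFound: return .nothingStored
    default:                 return .failed(status)
    }
}

// Accounts still stored for the service, to confirm the cleanup in code.
func remainingAccounts(service: String) -> [String] {
    var q = itemQuery(service: service)
    q[kSecMatchLimit as String] = kSecMatchLimitAll
    q[kSecReturnAttributes as String] = true
    var out: CFTypeRef?
    guard SecItemCopyMatching(q as CFDictionary, &out) == errSecSuccess,
          let items = out as? [[String: Any]] else { return [] }
    return items.compactMap { $0[kSecAttrAccount as String] as? String }
}

// Constructed placeholder values, not the library's real defaults.
let service = "auth.example.invalid"
for account in ["client-credentials-account", "tokens-account"] {
    switch deleteItem(service: service, account: account) {
    case .deleted:       print("\(account): deleted")
    case .nothingStored: print("\(account): nothing stored, not an error")
    case .failed(let code):
        let msg = SecCopyErrorMessageString(code, nil) as String? ?? "unknown"
        print("\(account): failed with \(code) (\(msg))")
    }
}
print("still stored for \(service): \(remainingAccounts(service: service))")
```

An empty list from remainingAccounts means the keychain holds nothing for that service; in this thread the silent re-login continued after the keychain was cleared, and the remaining state turned out to be the cookies held by SFSafariViewController.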
Ok, I've opened the keychain-2-debug.db, removed the entries in the genp table with a name containing our app id and logged off again, and I'm still reconnected immediately. I will double check if this issue truly comes from the Swift app and not from the server side. What I'm sure of is that the revoking of the access_token works (the DB is correctly updated).
I've solved this issue, I just had to clean cookies for the SFSafariViewController (I've done that in PHP)
Hello, in Swift I'm successfully calling a callback URL which revokes a token after the user is logged out, and right after I call this to enable re-logging
But it re-logs the user automatically when loading the logging page (I see safariVC briefly but it is dismissed almost instantly). Strangely, the first logoff works well, but if I relog I cannot sign off anymore, and I have that line in the console when it relogs
[Debug] OAuth2: Did exchange code for access [true] and refresh [true] tokens
In the DB the previous token is deleted at the revocation and a new one is created, so I don't know how the user can be relogged without credentials being asked