Closed rasmusohrstig closed 6 years ago
Thanks for the heads up.
The logout code is set up to call both the /oauth/logout end point and also the /oauth/revoke for good messure/to be extra sure. https://github.com/telenordigital/connect-android-sdk/blob/master/connect/src/com/telenor/connect/id/ConnectIdService.java#L191 https://github.com/telenordigital/connect-android-sdk/blob/master/connect/src/com/telenor/connect/id/ConnectIdService.java#L192
I would maybe expect the 401 response on revoke because the logout call also revokes the authorization. Are you sure the access and refresh tokens are still valid after?
The problem has been found. The code is asynchronous, so there is a timing issue where the revoke call reaches the server before the logout call. Will create a fix.
I ocassionally see this exception after calling ConnectSdk.logout(). I'm not sure how to recreate it, but it has happened several times. It seems to be time-related. Perhaps a temporary server problem of some sort.
Failed to call logout with access token on API. accessToken=Hqw6zLX5YQ7nY8lI697K1PIvyma retrofit.RetrofitError: 401 Unauthorized at retrofit.RestAdapter$RestHandler.invokeRequest(RestAdapter.java:388) at retrofit.RestAdapter$RestHandler.access$100(RestAdapter.java:220) at retrofit.RestAdapter$RestHandler$2.obtainResponse(RestAdapter.java:278) at retrofit.CallbackRunnable.run(CallbackRunnable.java:42) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636) at retrofit.Platform$Android$2$1.run(Platform.java:142) at java.lang.Thread.run(Thread.java:764)
This is a problem in and of itself of course, but what's worse is that ConnectTokensStateTracker.onTokenStateChanged() is still called with the argument hasTokens = false. This means that the app thinks that we have been logged out when in reality we are still logged in. The access token and refresh token are still valid.