pixel-identity icon indicating copy to clipboard operation
pixel-identity copied to clipboard

Published 20 hours ago verified publisher icon Nfactor26

Logout from Sample App with error alert in Pixel Identity

Open digitarenet opened this issue 2 years ago • 5 comments
trafficstars

I have made some others tests:

  1. Pixel Identity correctly running
  2. Sample.Service.Api correctly running
  3. Samples.Blazor.App correctly running
  4. Login in Pixel Identity with user A
  5. Reloading Sample.Blazor.App I'm correctly logged in with user A
  6. Now I logout from Sample.Blazor.App
  7. THE ISSUE: in Pixel Identity (I not reload page where I'm already logged) seem that I'm still logged as user A but if I click on any nav menu link I receive an error (MudBlazor Red Alert in the upper right corner) with message:

'<' is an invalid start of a value. Path: $ | LineNumber: 1 | BytePositionInLine: 0.

Inspecting http calls, for example clicking on Account > profile link menu, there is a call to

https://localhost:44382/pauth/api/users/name/**USERNAME**

that response 302 redirect to

https://localhost:44382/pauth/Identity/Account/Login?ReturnUrl=%2Fpauth%2Fapi%2Fusers%2Fname%2F**USERNAME**

and this request response 200 OK with HTML content.

There is something wrong that I have done? Thank you.

digitarenet avatar Aug 18 '23 17:08 digitarenet

AddOn: At point 7. if I reload Pixel Identity page seem that I'm still logged in. Instead in Blazor.Sample.App I'm correctly logged out also if I reload home page.

digitarenet avatar Aug 18 '23 17:08 digitarenet

Ack. I will have to check this.

Nfactor26 avatar Aug 18 '23 17:08 Nfactor26

Seems issue on client side which is not able to respond to redirect. It will take a while to address this as I still don't have a solution. Planning to take a look at this when upgrading to dotnet 8. I hope this is not a blocker for you at the moment.

Nfactor26 avatar Aug 26 '23 08:08 Nfactor26

I'have seen that the call in UserServices

var resp = await httpClient.GetFromJsonAsync<UserDetailsViewModel>($"api/users/name/{userName}");

not responding with a json but with html (user is no longer authenticated) because the API has [Authorized] attribute and so deserialization fails. This also happens with others api.

Instead, it should redirect to login page?

digitarenet avatar Aug 26 '23 09:08 digitarenet

yes the client fails to deserialize the response as it is not expected json but a redirect response. So, authentication endpoint is working as expected but client doesn't redirect. The AuthenticationHandler handler attached on HttpClient should ideally take care of this as per my understanding but doesn't seem to happen. I need to dig in deeper and find out if we need a custom authentication handler .

Nfactor26 avatar Aug 26 '23 09:08 Nfactor26