flutter_appauth icon indicating copy to clipboard operation
flutter_appauth copied to clipboard

Published 20 hours ago verified publisher icon MaikuB

end session not working

Open MansoorJafari9 opened this issue 1 year ago • 8 comments

Hi after I call end session method for signout user, web page opens and when I log in again web page opens instead of the app open and when I open the application again user signs in in advanced when I update the Flutter app auth form 5. x.x to 6. x.x this issue appears

    await appAuth.endSession(new EndSessionRequest(      
        idTokenHint: token.idToken,
        postLogoutRedirectUrl: postLogoutRedirectUrl,
        serviceConfiguration: AuthorizationServiceConfiguration(authorizationEndpoint: AuthorizationEndpoint, tokenEndpoint: TokenEndpoint, endSessionEndpoint: EndSessionEndpoint)));
    print("end session");

and I want to know into this part

              android:host="<your_custom_host>"/> ``` 
what value should I set for <your_custom_host>

MansoorJafari9 avatar Aug 05 '23 05:08 MansoorJafari9

please help

MansoorJafari9 avatar Aug 06 '23 13:08 MansoorJafari9

It happened with me too. I had to made a manual request to my OAuth provider to solve it in an alternative way...

mablds avatar Aug 09 '23 13:08 mablds

End session method is meant to be used to log out so logging in again causing a web page to open is expected so what you've been describing is to be expected.

what value should I set for <your_custom_host>

You'll need to familiarise yourself with the structure of a URI. See https://en.wikipedia.org/wiki/Uniform_Resource_Identifier#Syntax

MaikuB avatar Aug 12 '23 06:08 MaikuB

@MaikuB I know when the user call end session method when logging out and web page open again and user has to login again. I have a problem whit this part. why login page opens again and I close app and open it again user logged in in advanced.

MansoorJafari9 avatar Aug 12 '23 08:08 MansoorJafari9

I'm not following trying to describe here. If you believe there's a bug, are you able to fork the repo and update the example to demonstrate this? Something to bear in mind is that managing access tokens is separate from the plugin. Apps will typically manage the tokens (e.g. using https://pub.dev/packages/flutter_secure_storage) and if the user has logged out, it's your application's responsibility to remove the tokens. Right now, I would guess that you aren't doing that and this is why the next time that app was opened that the user was considered logged in despite how they logged themselves out

MaikuB avatar Aug 12 '23 08:08 MaikuB

Facing the same issue on Android. iOS works fine though. When the user logs out and logs in again, the login screen does not appear and user gets auto-logged in.

7685 avatar Nov 29 '23 10:11 7685

Facing the same issue on Android. iOS works fine though. When the user logs out and logs in again, the login screen does not appear and user gets auto-logged in.

I'm facing this issue as well. Android only. iOS works as expected.

rexmihaela avatar Dec 13 '23 22:12 rexmihaela

To fix this issue, make sure you set promptValues to login when getting the token. This way, it will always make sure to show the login screen instead of just providing new tokens automatically.

FlutterAppAuth appAuth = const FlutterAppAuth();
    
    var result = await appAuth.authorizeAndExchangeCode(
      AuthorizationTokenRequest(
          Constants.b2cClientIdentifier,
          Constants.b2cRedirectUrl,
          discoveryUrl: Constants.b2cDiscoveryEndpoint,
          scopes: Constants.b2cScopes.split(','),
          promptValues: ['login']
      ),
    );

MeltdownInteractive avatar Jun 12 '24 01:06 MeltdownInteractive