
Unable to change user on same IdP

Open AJamesPhillips opened this issue 4 years ago • 7 comments

In an incognito tab:

  1. go to broker.pod.inrupt.com/ click login
  2. get redirected to podbrowser.inrupt.com/ click "sign in", get redirected to auth.inrupt.com/
  3. sign in as user1, get redirected to podbrowser.inrupt.com/
  4. click the "log out" button in the top right under the menu
  5. get redirected to podbrowser.inrupt.com/ click "sign in", enter into podbrowser.inrupt.com/

In step 5 the only other option is "SIGN IN WITH OTHER PROVIDER". If I choose https://broker.pod.inrupt.com/ I get the following error message:

{"error":"invalid_grant","error_description":"Invalid redirect_uri"}

from: https://broker.pod.inrupt.com/authorization?client_id=https%3A%2F%2Fpodbrowser.inrupt.com%2Fapi%2Fapp&redirect_uri=https%3A%2F%2Fpodbrowser.inrupt.com%2Flogin&response_type=code&scope=openid%20webid&state=6<...deleted...>d&code_challenge=i<...deleted...>M&code_challenge_method=S256&response_mode=query

Is there a way to change my user?

AJamesPhillips avatar Aug 27 '21 10:08 AJamesPhillips

Hi,

The issue that you describe is due to the fact that when you select the “Log Out” option in PodBrowser, you are logging out of the PodBrowser application, not the Pod Spaces Identity Provider (IdP) (https://broker.pod.inrupt.com ). Hence when you select “Sign in with Other Provider” and enter the same URL, the error occurs as you cannot be redirected to the IdP when you are still logged in.

Not logging out of the IdP when logging out of the application is a deliberate decision, as you may be using the same IdP in several browser tabs and you may not want to be logged out of all of the tabs.

A few things to note:

  1. You will be logged out of the IdP if you close the browser.
  2. You can be logged in with different users in different browsers.
  3. If at step 5, you click the “SIGN IN” button, you are automatically (re)signed in as the current user.
  4. At step 5, you can sign into a different IdP.

Hope that helps explain the issue you are seeing.

Kevin

Inrupt Support

InruptSupport avatar Aug 27 '21 11:08 InruptSupport
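The difference between application logout and IdP logout described in the reply above, as an added example that is not part of the thread and is not Inrupt's code. It assumes the standard OpenID Connect RP-Initiated Logout parameters; the `idp.example` metadata, the `logOut` helper and the session object are constructed for illustration, and the thread does not say whether the broker advertises an `end_session_endpoint`.

```javascript
// Constructed discovery documents (not fetched from any real IdP).
const IDP_WITH_LOGOUT = {
  issuer: "https://idp.example",
  end_session_endpoint: "https://idp.example/endsession",
};
const IDP_WITHOUT_LOGOUT = { issuer: "https://idp.example" };

// Build an OIDC RP-Initiated Logout request, or return null when the IdP
// metadata advertises no end_session_endpoint (only app-local logout is possible).
function buildIdpLogoutUrl(metadata, { idTokenHint, postLogoutRedirectUri, state } = {}) {
  if (!metadata.end_session_endpoint) return null;
  const url = new URL(metadata.end_session_endpoint);
  if (url.protocol !== "https:") throw new Error("end_session_endpoint must use https");
  // id_token_hint tells the IdP which session the application means to end.
  if (idTokenHint) url.searchParams.set("id_token_hint", idTokenHint);
  if (postLogoutRedirectUri) {
    url.searchParams.set("post_logout_redirect_uri", postLogoutRedirectUri);
    // state is only meaningful when the IdP redirects back to the application.
    if (state) url.searchParams.set("state", state);
  }
  return url.toString();
}

// Hypothetical application logout: clearing local tokens ends the app session,
// but the IdP's own session cookie is untouched unless the browser is also
// sent to the IdP logout URL returned here.
function logOut(appSession, metadata, opts) {
  const idToken = appSession.idToken;
  appSession.idToken = null;
  appSession.accessToken = null;
  const idpLogoutUrl = buildIdpLogoutUrl(metadata, { ...opts, idTokenHint: idToken });
  return { idpSessionMayRemain: idpLogoutUrl === null, idpLogoutUrl };
}
```

When `idpSessionMayRemain` is true, the next "sign in" against the same IdP silently reuses the existing IdP session, which is the behaviour reported in step 5.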

Thank you for the fast response Kevin. Yes that explains it perfectly. Is there any interest / plan to add a log out button to https://broker.pod.inrupt.com/ ? It would also be helpful to see what my current user session is when I go to https://broker.pod.inrupt.com/ . Is this also planned / is there any interest in this?

Many thanks.

AJamesPhillips avatar Aug 27 '21 12:08 AJamesPhillips

Hi, I assume you did not mean to repost the same comment multiple times @InruptSupport ?

AJamesPhillips avatar Aug 30 '21 14:08 AJamesPhillips

Thanks for the heads up. Certainly did not mean to repost. Duplicate messages have been deleted.

brownhoward avatar Aug 30 '21 14:08 brownhoward

@AJamesPhillips With respect to your question about having a logout button for the broker, there is nothing currently planned, although I will check in with the team managing the broker.

brownhoward avatar Aug 30 '21 14:08 brownhoward

Thank you very much.

If it helps, the motivation for this is that when developing an application it's often useful to change which user you are so that you can see what the state is in a different pod of a different user etc. I don't think this would often be used by regular users, though saying that, until there is a more advanced auth function I could imagine people using Solid pods and applications similar to other tool suites which allow you to:

  1. see which user you currently are
  2. see a list of other users you can be from a menu
  3. change which user you are from the menu

Examples include various Google applications and Twitter but obviously many more.

AJamesPhillips avatar Aug 30 '21 15:08 AJamesPhillips

Thanks for the background. I certainly understand the need as I often need to switch users when testing applications. I think I've just got used to using Incognito mode, or implementing Roles (in TestCafe) when doing end-2-end testing.

brownhoward avatar Aug 30 '21 17:08 brownhoward

We've tracked this in our internal issue tracker, however, it requires SDK changes to be supported. I'm going to close this issue, as it's known and cannot be fixed at this time, unfortunately.

ThisIsMissEm avatar Jan 05 '23 19:01 ThisIsMissEm