okta-oidc-android

Can't log out from WebAuth

Open khouloudayadi opened this issue 6 months ago • 0 comments

Describe the bug?

The login functionality works correctly, but I encounter issues with logout. Here is the code I am using:

implementation 'com.okta.android:okta-oidc-android:1.3.4'

private fun loginOkta(email: String) {
    val oidcConfig = OIDCConfig.Builder()
        .clientId("clientId")
        .redirectUri("redirectUri")
        .endSessionRedirectUri("endSessionRedirectUri")
        .scopes("openid email profile offline_access")
        .discoveryUri("discoveryUri")
        .create()

    webAuth = Okta.WebAuthBuilder()
        .withConfig(oidcConfig)
        .withContext(applicationContext)
        .withStorage(SharedPreferenceStorage(this))
        .create()

    sessionClient = webAuth.sessionClient

    val callback = object : ResultCallback<AuthorizationStatus, AuthorizationException> {
        override fun onSuccess(status: AuthorizationStatus) {
            when (status) {
                AuthorizationStatus.AUTHORIZED -> {
                    val accessToken = sessionClient.tokens?.accessToken
                    val idToken = sessionClient.tokens?.idToken
                    Log.d("OKTA", "AUTHORIZED")
                }
                AuthorizationStatus.SIGNED_OUT -> Log.e("OKTA", "SIGNED_OUT")
            }
        }

        override fun onCancel() {
            Log.d("OKTA", "User canceled authentication")
        }

        override fun onError(msg: String?, error: AuthorizationException?) {
            Log.d("OKTA", "${error?.error} onError", error)
        }
    }

    webAuth.registerCallback(callback, this)

    val payload = AuthenticationPayload.Builder()
        .setLoginHint(email)
        .build()

    webAuth.signIn(this, payload)
}

private fun logoutOkta() {
    webAuth.signOutOfOkta(this)
    webAuth.sessionClient.clear()
    webAuth.signOut(this, object : RequestCallback<Int, AuthorizationException?> {
        override fun onSuccess(result: Int) {
            Log.d("OKTA", "Successfully signed out.")
        }

        override fun onError(msg: String, exception: AuthorizationException?) {
            Log.d("OKTA", "Failed to sign out: $msg", exception)
        }
    })
}

The issue I am encountering is as follows:

W  Failed to clear session
AuthorizationException: {"type":0,"code":0,"errorDescription":"Attempt to read from field 'java.lang.String com.okta.oidc.net.request.ProviderConfiguration.end_session_endpoint' on a null object reference"}
    at com.okta.oidc.clients.web.SyncWebAuthClientImpl.signOutOfOkta(SyncWebAuthClientImpl.java:378)
    at com.okta.oidc.clients.web.SyncWebAuthClientImpl.signOut(SyncWebAuthClientImpl.java:430)
    at com.okta.oidc.clients.web.WebAuthClientImpl.lambda$signOut$13$WebAuthClientImpl(WebAuthClientImpl.java:239)
    at com.okta.oidc.clients.web.-$$Lambda$WebAuthClientImpl$frvfEuj1BiFhKHJoCakZoRI9yg8.run(Unknown Source:8)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:462)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
    at java.lang.Thread.run(Thread.java:923)
Caused by: java.lang.NullPointerException: Attempt to read from field 'java.lang.String com.okta.oidc.net.request.ProviderConfiguration.end_session_endpoint' on a null object reference
    at com.okta.oidc.net.request.web.LogoutRequest$Builder.provideConfiguration(LogoutRequest.java:143)
    at com.okta.oidc.clients.web.SyncWebAuthClientImpl.signOutOfOkta(SyncWebAuthClientImpl.java:363)
    at com.okta.oidc.clients.web.SyncWebAuthClientImpl.signOut(SyncWebAuthClientImpl.java:430)

What is expected to happen?

When I click the login button, it works correctly and redirects me to the Okta login page. After entering my login information, I receive the tokens and idToken. However, when I click the logout button, I still encounter the previously mentioned issue. Additionally, when I click the login button a second time, I am not redirected to the Okta login page; instead, I am directly logged in with the current session.

What is the actual behavior?

The device browser session is not cleared and the user remains logged in to the device browser.

Reproduction Steps?

  • Log in with an Okta user
  • Log out (fails to clear the browser session)

Additional Information?

I am certain that the configuration details are correct. Even when I enter the discoveryUri into the browser, I receive a response containing the "end_session_endpoint" element.

SDK Version

compileSdkVersion 33

Build Information

Device: Galaxy A20s
OS Version: Android 11

khouloudayadi, Jul 27 '24 13:07
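The stack trace in this report ends where the logout request reads `end_session_endpoint` from a provider configuration that is null. The following is an added example, not code from the issue or from the Okta SDK: a plain-Kotlin pre-flight check that reports whether a browser (IdP) logout can be built at all, so the app can surface "session not ended" instead of failing silently. `DiscoveryDoc`, `LogoutPlan`, `planLogout` and all sample values are hypothetical; the query parameter names are those of OpenID Connect RP-Initiated Logout.

```kotlin
import java.net.URI
import java.net.URLEncoder

// Hypothetical stand-in for the discovery fields needed at logout
// (not the SDK's ProviderConfiguration class).
data class DiscoveryDoc(val issuer: String, val endSessionEndpoint: String?)

sealed class LogoutPlan {
    // A logout URL can be opened in the browser, so the IdP session can be ended.
    data class Browser(val uri: URI) : LogoutPlan()
    // Only local tokens can be removed; the browser session stays alive.
    data class LocalOnly(val reason: String) : LogoutPlan()
}

private fun enc(v: String): String = URLEncoder.encode(v, "UTF-8")

fun planLogout(doc: DiscoveryDoc?, idToken: String?, postLogoutRedirect: String, state: String): LogoutPlan {
    // Null configuration is the condition behind the NPE in the trace; report it explicitly.
    if (doc == null) return LogoutPlan.LocalOnly("provider configuration not loaded")
    val endpoint = doc.endSessionEndpoint
        ?: return LogoutPlan.LocalOnly("discovery document has no end_session_endpoint")
    if (!endpoint.startsWith("https://")) return LogoutPlan.LocalOnly("end_session_endpoint is not https")
    // Assumption of this example: require the ID token for id_token_hint
    // (the specification marks it as recommended, not mandatory).
    if (idToken == null || idToken.isEmpty()) return LogoutPlan.LocalOnly("no ID token available for id_token_hint")
    val query = listOf(
        "id_token_hint" to idToken,
        "post_logout_redirect_uri" to postLogoutRedirect,
        "state" to state
    ).joinToString("&") { (k, v) -> "$k=${enc(v)}" }
    return LogoutPlan.Browser(URI("$endpoint?$query"))
}

fun main() {
    // Constructed sample values, not taken from the issue.
    val doc = DiscoveryDoc("https://idp.example.com", "https://idp.example.com/oauth2/v1/logout")
    val redirect = "com.example.app:/logout"
    println(planLogout(doc, "constructed.id.token", redirect, "s1"))   // Browser(...)
    println(planLogout(null, "constructed.id.token", redirect, "s1"))  // LocalOnly: configuration missing
    println(planLogout(doc, null, redirect, "s1"))                     // LocalOnly: ID token missing
}
```

A `LocalOnly` result is the case to log and alert on: local tokens may be gone, but the next sign-in will reuse the existing browser session, which matches the behavior described in the report.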