AppAuth-Android
How to completely remove session when uninstalling app?
Configuration
- Version: 0.11.1
- Integration: Android (Java)
Description
I use the browser opened from AppAuth's performAuthorizationRequest method in order to open my Login web page.
The whole Login process is fine until I uninstall the app and then install it again. I found that the aforementioned browser still keeps the previous session, and thus I am automatically logged in with the previous account.
I tried clearing the app's cache and then uninstalling it again, but then when I installed and ran it again, the session was still there.
My question: Is there a way to completely remove the session without asking the user to log out? I mean the app will check if it has just been installed and will remove all sessions from the previous installations. Of course this step must be done without prompting the user to log out.
Thank you for your help.
It doesn't make sense architecturally, because SSO itself enables a user to log in with the same identity in multiple different software systems: in this case the app and the browser.
You may however inhibit this behavior when logging in via the app by asking for credentials every time using:
authRequestBuilder.setPrompt(AuthorizationRequest.Prompt.LOGIN)
https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1
Do keep in mind this is actually different to: "deleting the session on uninstall." If the user uninstalls the app and opens your website in their browser they'll still be logged in (assuming the cookie session hasn't expired), but once you run through the app again they'll be prompted to log in.
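The request from the answer above, shown in context as an added example that is not part of the original thread or the AppAuth project's own code. The class name, endpoints, client ID, redirect URI and scope are placeholder assumptions; the caller is assumed to own the AuthorizationService and dispose of it.

```java
import android.app.PendingIntent;
import android.net.Uri;
import android.util.Log;

import net.openid.appauth.AuthorizationRequest;
import net.openid.appauth.AuthorizationService;
import net.openid.appauth.AuthorizationServiceConfiguration;
import net.openid.appauth.ResponseTypeValues;

/** Hypothetical helper: every authorization request asks the provider to re-authenticate. */
public final class ForcedLoginLauncher {
    private static final String TAG = "ForcedLoginLauncher";

    private ForcedLoginLauncher() {}

    /** Builds an authorization code request that carries prompt=login. */
    public static AuthorizationRequest buildRequest() {
        AuthorizationServiceConfiguration config = new AuthorizationServiceConfiguration(
                Uri.parse("https://idp.example.com/authorize"),   // placeholder endpoint
                Uri.parse("https://idp.example.com/token"));      // placeholder endpoint

        return new AuthorizationRequest.Builder(
                config,
                "YOUR_CLIENT_ID",                                  // placeholder
                ResponseTypeValues.CODE,
                Uri.parse("com.example.app:/oauth2redirect"))      // placeholder
                .setScope("openid profile")                        // assumed scope
                // Adds prompt=login to the request. The browser's session cookie
                // is untouched; the provider is asked to show the login page anyway.
                .setPrompt(AuthorizationRequest.Prompt.LOGIN)
                .build();
    }

    /** Launches the request with an AuthorizationService owned by the calling Activity. */
    public static void launch(AuthorizationService service,
                              PendingIntent onCompleted,
                              PendingIntent onCanceled) {
        AuthorizationRequest request = buildRequest();
        // Debug check: confirm the parameter is present in the outgoing URL.
        Log.d(TAG, "prompt=" + request.toUri().getQueryParameter("prompt"));
        service.performAuthorizationRequest(request, onCompleted, onCanceled);
    }
}
```

Whether the login page actually appears depends on the provider honoring the prompt parameter; nothing in this code removes the browser's existing session.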
Thank you for the solution. Let me try it.
Closing due to inactivity. Assuming OP has resolved their issue.