
Apparently the iOS version of the AppAuth library supports logging out using the end_session_endpoint, but with the Android version you are forced to implement one yourself or find an alternative way of logging the user out.

Currently using the Kotlin version of the library.

On authorisationRequestBuilder, if the setPrompt method is not called, then during login you get the KMSI (keep me signed in) checkbox option.

Invalidating authState, persisted tokens and all other resources will not have an effect, because hitting the authorise endpoint once again will automatically issue another token. This is because technically they are still logged in on the server.

Using only the end_session_endpoint, with no postLogoutRedirectUri provided: is it possible to successfully log the user out and automatically redirect the user by closing the open Chrome custom tab immediately after the endpoint call has succeeded?

Currently, calling the end_session_endpoint using AppAuth will successfully log the user out (you can see this in the open Chrome custom tab) but doesn't redirect or close the custom tab.

How can this be achieved? I have configured the manifest with LogoutRedirectUriReceiverActivity but am not sure how to initiate this. Other examples rely on the postLogoutRedirectUri being present.

Currently, postLogoutRedirectUri doesn't exist in the discoveryDoc.

Chief

2 Answers


Using IdentityServer4, you can include the idToken in the end session request. This way the user is logged out automatically, without consent screens and such. Consequently you do not need a redirect after logout.

Your request would look like this: GET /connect/endsession?id_token_hint=

source: https://identityserver4.readthedocs.io/en/latest/endpoints/endsession.html

Icad

Is it clear that the end_session_endpoint is a call to the server to log out? This sample code includes a callback (after end_session_endpoint) that removes any auth tokens stored within the app.

import android.content.Intent
import android.net.Uri
import net.openid.appauth.AuthorizationService
import net.openid.appauth.AuthorizationServiceConfiguration
import net.openid.appauth.EndSessionRequest

/*
 * Do an OpenID Connect end session redirect and remove the SSO cookie.
 * The AuthorizationService and the post-logout redirect URI are passed in
 * (the original referenced them as this.authService / this.config); the URI
 * must be registered for this client at the provider.
 */
fun getEndSessionRedirectIntent(authService: AuthorizationService,
                                metadata: AuthorizationServiceConfiguration,
                                idToken: String?,
                                postLogoutRedirectUri: Uri?): Intent {

    val extraParams = mutableMapOf<String, String>()
    val request = EndSessionRequest.Builder(metadata)
        .setIdTokenHint(idToken)                          // id_token_hint
        .setPostLogoutRedirectUri(postLogoutRedirectUri)  // post_logout_redirect_uri
        .setAdditionalParameters(extraParams)
        .build()

    // Launch the returned Intent (e.g. with startActivityForResult) to open the
    // custom tab on end_session_endpoint; the redirect is delivered back as a result.
    return authService.getEndSessionRequestIntent(request)
}
larham1
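The two answers above each show one half of the round trip: the id_token_hint that lets the server end the right session without a confirmation page, and the post_logout_redirect_uri that gives the custom tab somewhere to return to so AppAuth can close it. The following is an added example, not code from either answer or from the AppAuth project, that puts both together in one Activity and clears the locally stored AuthState only after the redirect comes back. It assumes the net.openid:appauth dependency, AndroidX AppCompat, the manifest placeholder appAuthRedirectScheme set to com.example.app (so AppAuth's RedirectUriReceiverActivity catches the redirect), and that com.example.app:/logout is registered as a post-logout redirect URI for this client at the provider. The issuer URL, preference names and request code are placeholders.

```kotlin
package com.example.app

import android.content.Context
import android.content.Intent
import android.net.Uri
import android.os.Bundle
import androidx.appcompat.app.AppCompatActivity
import net.openid.appauth.AuthState
import net.openid.appauth.AuthorizationException
import net.openid.appauth.AuthorizationService
import net.openid.appauth.AuthorizationServiceConfiguration
import net.openid.appauth.EndSessionRequest
import net.openid.appauth.EndSessionResponse

// Added example (not from the answers above). ISSUER, the redirect URI and the
// preference keys are placeholders to be replaced with the real client config.
class LogoutActivity : AppCompatActivity() {

    private lateinit var authService: AuthorizationService

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        authService = AuthorizationService(this)

        // end_session_endpoint is read from the provider's discovery document.
        // post_logout_redirect_uri is a request parameter, not a discovery field,
        // so it is normal for it to be absent from the discovery document.
        AuthorizationServiceConfiguration.fetchFromIssuer(Uri.parse(ISSUER)) { config, ex ->
            if (config == null) {
                // Provider unreachable: still drop the local tokens so the app
                // stops using them, and report the failure to the caller.
                clearLocalAuthState()
                finishWithResult(success = false, error = ex?.message)
            } else {
                startEndSession(config)
            }
        }
    }

    private fun startEndSession(config: AuthorizationServiceConfiguration) {
        val state = loadAuthState()
        val request = EndSessionRequest.Builder(config)
            // id_token_hint tells the server which session to end and lets it skip
            // the "do you want to log out?" page; without it some servers (e.g.
            // IdentityServer4) will prompt or refuse to redirect.
            .setIdTokenHint(state.idToken)
            // Without post_logout_redirect_uri the custom tab has nowhere to go
            // after logout and stays open; with it, AppAuth closes the tab and
            // delivers the redirect to onActivityResult.
            .setPostLogoutRedirectUri(Uri.parse(POST_LOGOUT_REDIRECT_URI))
            .build()
        startActivityForResult(authService.getEndSessionRequestIntent(request), RC_END_SESSION)
    }

    override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
        super.onActivityResult(requestCode, resultCode, data)
        if (requestCode != RC_END_SESSION || data == null) return
        val response = EndSessionResponse.fromIntent(data)
        val error = AuthorizationException.fromIntent(data)
        // Server-side logout succeeded only if the redirect came back without an
        // error. Local tokens are removed in every case: ending the server session
        // does nothing to the copies the app holds.
        clearLocalAuthState()
        finishWithResult(success = response != null && error == null, error = error?.message)
    }

    private fun loadAuthState(): AuthState {
        val json = prefs().getString(KEY_AUTH_STATE, null)
        return if (json == null) AuthState() else AuthState.jsonDeserialize(json)
    }

    private fun clearLocalAuthState() {
        prefs().edit().remove(KEY_AUTH_STATE).apply()
    }

    private fun finishWithResult(success: Boolean, error: String?) {
        setResult(if (success) RESULT_OK else RESULT_CANCELED, Intent().putExtra(EXTRA_ERROR, error))
        finish()
    }

    private fun prefs() = getSharedPreferences(PREFS_NAME, Context.MODE_PRIVATE)

    override fun onDestroy() {
        super.onDestroy()
        authService.dispose()
    }

    companion object {
        private const val RC_END_SESSION = 1001
        private const val ISSUER = "https://id.example.com"               // placeholder
        private const val POST_LOGOUT_REDIRECT_URI = "com.example.app:/logout"  // placeholder
        private const val PREFS_NAME = "auth"
        private const val KEY_AUTH_STATE = "auth_state"
        private const val EXTRA_ERROR = "error"
    }
}
```

Two practitioner notes on this design. First, the id_token_hint is what stops an arbitrary page from logging a user out just by opening the end_session_endpoint URL: without it the server has to prompt, and that prompt is exactly the confirmation screen that keeps the custom tab open. Second, a post-logout redirect URI is a client setting at the provider (in IdentityServer4, the client's PostLogoutRedirectUris list), so its absence from the discovery document says nothing about whether the server will honour it; if the server ignores it, the tab still stays open and the only remaining option is to clear the local state and let the user close the tab.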