I have an Angular application using these two dependencies:

angular-oauth2-oidc

angular-oauth2-oidc-jwks

The user can already log in via the automatic login functionality when the app starts and can also log out using a logout button on the welcome page when needed. My problem now is that when the user presses the logout button, the app redirects to the login page, but because the login page automatically logs the user in, it jumps back to the welcome page. So you could say the user can never really log out, and it is a cycle.

Is there a way for some information about the user, when manually logging out, to be stored somewhere persistently? The problem is that when the user logs out, the page refreshes, so the components get destroyed and my component doesn't know whether the user logged out once or not. I need to know whether the user pressed the logout button once, and use that in my component: if the user logged out manually, then the automatic login functionality should not be used.

Or is that not possible because the page refreshes and so everything, the authService and LocalStorage and everything closes?

Maido47

1 Answer

By default, the angular-oauth2-oidc library stores session information in sessionStorage. How you invoke logOut() has an effect on whether or not that information is purged and whether or not the user is redirected to the auth server's logout endpoint.

Though I couldn't get revokeTokenAndLogout() to work as advertised, I found calling logOut(true) to be enough to clear the local session token. However, I needed to follow that up with a call to router.navigate() to handle navigating back to the authentication page afterwards.

Take a look at your router's logic. Are there guards in place for unauthenticated/unauthorized users? And if so, what determines whether or not the user is currently authenticated?

villecoder
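
One way to break the logout/auto-login cycle discussed above, as an added example that is not code from either poster or from the library: record the manual logout under a separate storage key and check it before starting the login flow. `AuthLike` lists the `OAuthService` methods relied on (`hasValidAccessToken`, `initLoginFlow`, `logOut`); the key name, helper names, `MemoryStore` and `FakeAuth` are hypothetical, and the sketch assumes `logOut()` removes only the library's own storage entries.

```typescript
// Subset of the storage API (sessionStorage/localStorage satisfy it in a browser).
interface KeyValueStore {
  getItem(key: string): string | null;
  setItem(key: string, value: string): void;
  removeItem(key: string): void;
}
// Subset of OAuthService methods this sketch relies on.
interface AuthLike {
  hasValidAccessToken(): boolean;
  initLoginFlow(): void;
  logOut(noRedirectToLogoutUrl?: boolean): void;
}
const MANUAL_LOGOUT_KEY = 'app.manualLogout'; // hypothetical key name

// Logout button handler: record the intent first, then clear the local tokens.
function manualLogout(auth: AuthLike, store: KeyValueStore, goToLogin: () => void): void {
  store.setItem(MANUAL_LOGOUT_KEY, '1');
  auth.logOut(true); // true = do not redirect to the auth server's logout endpoint
  goToLogin();       // e.g. () => router.navigate(['/login'])
}

// App start / route guard: auto-login only if the user did not log out by hand.
function startSession(auth: AuthLike, store: KeyValueStore): 'authenticated' | 'logged-out' | 'redirecting' {
  if (auth.hasValidAccessToken()) return 'authenticated';
  if (store.getItem(MANUAL_LOGOUT_KEY) === '1') return 'logged-out';
  auth.initLoginFlow();
  return 'redirecting';
}

// Explicit "Log in" button: the user asked for it, so drop the flag.
function explicitLogin(auth: AuthLike, store: KeyValueStore): void {
  store.removeItem(MANUAL_LOGOUT_KEY);
  auth.initLoginFlow();
}

// Constructed stand-ins so the sketch runs outside a browser.
class MemoryStore implements KeyValueStore {
  private data = new Map<string, string>();
  getItem(key: string) { return this.data.get(key) ?? null; }
  setItem(key: string, value: string) { this.data.set(key, value); }
  removeItem(key: string) { this.data.delete(key); }
}
class FakeAuth implements AuthLike {
  token = false; loginCalls = 0;
  hasValidAccessToken() { return this.token; }
  initLoginFlow() { this.loginCalls++; }
  logOut(_noRedirect?: boolean) { this.token = false; }
}
```

In a browser, passing `sessionStorage` as the store keeps the flag across the reload within the same tab, while `localStorage` would also carry it into new tabs.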