Oidc-client with IdentityServer3 - Angular2, how to logout and login properly

陌路散爱 submitted on 2020-01-15 06:15:49

Question


Here's some background: I'm using implicit flow and my token is a JWT. To log out, I'm using the method call signoutRedirectCallback.

I want to be able to properly log out, so that I can log in as a different user. When doing so, I still have the token from the last user? Is there a way to completely log the user out so that it doesn't have the last user's token? The token still persists for some reason. It seems that the only way to truly log out is when the browser page is closed and the cookie on the identityserver3 gets removed/deleted?

This may also answer my other issue. If the user clicks on a hyperlink on the main grid page and it opens a new tab (ex. details page), if the user logs out on the new tab (details page), the main grid page (old tab) is still logged in? Again, it's the same issue where I'm not completely logged out.

Can anyone give me some guidance on how to properly log out to remove the cookie on the identityserver3, so that it's a clean slate? The token still persists. Thank you.

//Here is the code. In my main component I have a menuclick event and this works: 
public MenuClick(event, item)
{
    if (item === "signOut") 
    {
        this.signOut();
    }
}

public signOut() 
{
    this._LoginService.logOut();
}

//Here is the LoginService that calls the oidc-client method:
public logOutCall(): Observable<boolean> 
{
    return Observable.fromPromise(new Promise<boolean> (
        resolve => 
        {
            this._oidcService.logOut();
            resolve(true);
        }
    ));
}

this._oidcService.logOut() calls the actual oidc-client method signoutRedirectCallback(). This works and it redirects. But the token still persists unless I close the page.

UPDATE: My testing team has told me that this issue is specifically with Chrome.


Answer 1:


To clear the state managed by the UserManager, call removeUser. This should be called for you when you trigger signout, so I'm curious why it's not. Check the logs?
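
One way to apply the removeUser advice above, as an added example that is not part of the original answer or of oidc-client itself: the tab that logs out clears the UserManager state and confirms it is gone before calling signoutRedirect(), and other tabs clear theirs on the userSignedOut event. It assumes session monitoring is available so that event fires; FakeUserManager and the sample token are constructed stand-ins so the flow runs without the library.

```javascript
// Constructed stand-in for oidc-client's UserManager so this runs offline.
// getUser(), removeUser(), signoutRedirect() and events.addUserSignedOut()
// mirror real UserManager members; raiseSignedOut() is a hypothetical helper.
class FakeUserManager {
  constructor(user) {
    this.user = user;        // what the user store currently holds
    this.handlers = [];
    this.events = { addUserSignedOut: (cb) => this.handlers.push(cb) };
  }
  async getUser() { return this.user; }
  async removeUser() { this.user = null; }
  async signoutRedirect(args = {}) { this.signoutArgs = args; }
  async raiseSignedOut() { for (const cb of this.handlers) await cb(); }
}

// Tab that starts the logout: clear local state, verify, then redirect.
async function signOutCleanly(manager) {
  const user = await manager.getUser();
  // Keep the id_token so the end-session request can still carry it as a hint.
  const args = user && user.id_token ? { id_token_hint: user.id_token } : {};
  await manager.removeUser();
  if (await manager.getUser()) {
    throw new Error("user still present after removeUser()");
  }
  await manager.signoutRedirect(args);
  return args;
}

// Every other tab: drop the cached user when a sign-out is reported.
function clearOnSignedOut(manager, onCleared) {
  manager.events.addUserSignedOut(async () => {
    await manager.removeUser();
    onCleared();
  });
}

// Constructed scenario: two tabs that each cached the same (fake) user.
async function demo() {
  const sample = { id_token: "constructed.id.token", profile: { sub: "alice" } };
  const tabA = new FakeUserManager({ ...sample });
  const tabB = new FakeUserManager({ ...sample });
  let notified = false;
  clearOnSignedOut(tabB, () => { notified = true; });
  const args = await signOutCleanly(tabA);
  await tabB.raiseSignedOut();
  return { args, tabA: await tabA.getUser(), tabB: await tabB.getUser(), notified };
}
```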



Source: https://stackoverflow.com/questions/41449064/oidc-client-with-identityserver3-angular2-how-to-logout-and-login-properly
