[Bug]: logoffAndRevokeTokens is not working in Chrome Incognito window #1830

Open
mahidhar25 opened this issue Aug 25, 2023 · 4 comments

mahidhar25 commented Aug 25, 2023

Version

15.0.5

Please provide a link to a minimal reproduction of the bug

No response

Please provide the exception or error you saw

Endsession URL is not triggered after the revocation service is completed in logoffAndRevokeTokens method.
I saw CheckSessionReceived event is triggered continuously with the value changed. As per my knowledge, CheckSessionReceived value will be changed when the token is regenerated using a refresh token or logout is initiated.

Steps to reproduce the behavior

No response

A clear and concise description of what you expected to happen.

Logout should be completed when logoffAndRevokeTokens method is triggered.

Additional context

Screenshot 2023-08-25 152217
Screenshot 2023-08-25 152241

Used the below code for logout
this.oidcSecurityService.logoffAndRevokeTokens().subscribe(() => { this.oidcSecurityService.logoffLocal();})

@fredhair
Contributor

Can I ask; you say this problem is occurring in an incognito window, is it ONLY in incognito mode or in any browser window i.e. does it work fine in a normal Chrome window?
Also who or what is the Auth provider you're using? In order to successfully call the logout endpoint the end_session_url should be published in the discovery doc {{domain}}/.well-known/openid-configuration, an exception to this is Auth0 which does not publish its logout endpoint.

@mahidhar25
Author

It is working fine in a normal Chrome window.
end_session_url is published in the discovery document.
"end_session_endpoint":"https://{{domain}}/connect/endsession" this is sample endsession endpoint.

@fredhair
Contributor

Have you tried removing the () => { this.oidcSecurityService.logoffLocal(); } ?
I can't see why everything would work fine in a normal Chrome window and not in incognito unless you have some old cookies or local storage values causing problems or your browser is set to block certain endpoints.

@mahidhar25
Author

By changing startCheckSession to false logout is working in the Incognito window.
I think by enabling startCheckSession, CheckSessionReceived event is changed continuously in the Incognito window, and in the normal Chrome window, CheckSessionReceived is not changed.
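
The discovery-document check raised earlier in the thread can be run before debugging the client. The following is an added example, not part of the thread and not code from the library: it audits a discovery document for the metadata that revocation, end-session logout and session checking rely on. The names `auditLogoutMetadata`, `SAMPLE_DISCOVERY`, `idp.example` and `app.example` are assumptions, and the origin comparison is a simplification of "cross-site".

```javascript
// Added example: audits an OpenID Provider discovery document for the
// metadata that revoke-then-logout and session checking depend on.
// SAMPLE_DISCOVERY is constructed for illustration (idp.example is a placeholder).
const SAMPLE_DISCOVERY = {
  issuer: "https://idp.example",
  end_session_endpoint: "https://idp.example/connect/endsession",
  revocation_endpoint: "https://idp.example/connect/revocation",
  check_session_iframe: "https://idp.example/connect/checksession",
};

// Standard metadata names: end_session_endpoint (RP-Initiated Logout),
// revocation_endpoint (RFC 8414), check_session_iframe (Session Management).
const LOGOUT_KEYS = ["end_session_endpoint", "revocation_endpoint", "check_session_iframe"];

function auditLogoutMetadata(doc, appOrigin) {
  const findings = [];
  const endpoints = {};
  for (const key of LOGOUT_KEYS) {
    const value = doc[key];
    if (typeof value !== "string" || value.length === 0) {
      findings.push(`${key}: not published`);
      continue;
    }
    let url;
    try {
      url = new URL(value); // throws on relative or malformed values
    } catch {
      findings.push(`${key}: not an absolute URL`);
      continue;
    }
    if (url.protocol !== "https:") findings.push(`${key}: not served over https`);
    endpoints[key] = url;
  }
  // The session-check iframe runs on the provider's origin inside the app page.
  // When that origin differs from the app's, it is third-party content, and
  // browser modes that block third-party cookies withhold its session cookie.
  const iframe = endpoints.check_session_iframe;
  const iframeCrossOrigin = Boolean(iframe) && iframe.origin !== new URL(appOrigin).origin;
  return {
    canEndSession: "end_session_endpoint" in endpoints,
    canRevoke: "revocation_endpoint" in endpoints,
    iframeCrossOrigin,
    findings,
  };
}
```

To audit a live provider, pass the parsed JSON from its `/.well-known/openid-configuration` document together with the application's own origin.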
