signout() does not sign me out of my application #391
Comments
sign out takes the id_token and not the access token .... |
@DeepDiver1975 Thanks for your reply. That's exactly what I am using for signOut(). It's just the naming. Below is how I get the id_token value after successfully authenticating with the OIDC library:
$oidc->getIdToken()
I get the id_token, then store it in a session, then access the token in my logout function and destroy the session before proceeding to call the library's signOut() function |
@Kibaru did it finally work? I was able to make it work, but it does not redirect me to the correct logoutLink |
@Arafatmollik1 I am yet to find a solution. How did you make it work? Kindly share. For the redirect logoutLink, this is what I understand:
$oidc->signOut($id_token, $logoutLink);
For my case, the logout is triggered and redirected okay, but I realized I am still logged in |
@Kibaru there are two tokens: one can be the id token and the other can be the access token. Make sure you use the id token, not the access token! |
@Arafatmollik1 I have just cross-checked again. I am passing the id token and not the access token. I get the id token like below. Please correct me if I am wrong.
$oidc->getIdToken() //$oidc is an instance of this library
Let me try to rephrase my issue again. When I first visit my dashboard, SSO is triggered and I am prompted to enter my login credentials. When I click logout, SSO is triggered again and I am logged out successfully and even redirected to the logout URL. But if I then try to access the same dashboard URL on a new tab or even on the same tab, I see that SSO is triggered, but this time I am not prompted to enter login credentials, which should be the case. For some reason I am able to access the same dashboard without having to add my login credentials. This is now my issue. |
@Kibaru Yes, I understand. The only suggestion I can give you is to save the id token into a cookie or session when you log in for the first time. Something like this, and then when the user tries to log out: public function onUserLogout()
|
Thanks @Arafatmollik1, but that is exactly how I have implemented mine. For your case, have you tried to access the protected pages after logout by directly typing the link on a new tab? Is SSO triggered and does it prompt you to enter your login credentials? |
@Kibaru Yes. The session successfully gets destroyed, and also when I try to log in once again I am NOT automatically logged in to my application. Check also if you are required to have a "Secure connection"; I had this problem that I needed to use "https". Also, check if for any reason the id_token is encrypted when you save it to the session. It should not be encrypted when you pass it to the endsession endpoint! |
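The checks suggested in the comment above (HTTPS endpoint, an unencrypted ID token, an ID token rather than an access token), written as an added PHP example that is not code from the library or from any participant in this thread. It builds the request with the `id_token_hint` and `post_logout_redirect_uri` parameters of OpenID Connect RP-Initiated Logout; the function names, URLs and tokens are constructed assumptions.

```php
<?php
// Added example; the endpoint, redirect URL and tokens are constructed sample values.

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

/** Build an RP-initiated logout URL, rejecting the inputs the thread warns about. */
function buildLogoutUrl(string $endSessionEndpoint, string $idToken, string $redirect): string
{
    if (strtolower((string) parse_url($endSessionEndpoint, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException('end-session endpoint must use https');
    }
    $parts = explode('.', $idToken);
    if (count($parts) === 5) {
        throw new InvalidArgumentException('token is a compact JWE (encrypted)');
    }
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('token is not a compact JWS (opaque or altered in storage)');
    }
    // Sanity check only, no signature verification: an ID token payload carries iss, sub and aud.
    $claims = json_decode((string) base64_decode(strtr($parts[1], '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['iss'], $claims['sub'], $claims['aud'])) {
        throw new InvalidArgumentException('payload does not look like an ID token');
    }
    $query = http_build_query(
        ['id_token_hint' => $idToken, 'post_logout_redirect_uri' => $redirect],
        '',
        '&',
        PHP_QUERY_RFC3986
    );
    return $endSessionEndpoint . (strpos($endSessionEndpoint, '?') === false ? '?' : '&') . $query;
}

$payload = json_encode(['iss' => 'https://idp.example', 'sub' => 'user-1', 'aud' => 'joomla-client']);
$idToken = b64url('{"alg":"RS256"}') . '.' . b64url($payload) . '.' . b64url('constructed-signature');

echo buildLogoutUrl('https://idp.example/logout', $idToken, 'https://app.example/bye'), PHP_EOL;

// Constructed failure cases: an encrypted (five-segment) token and a plain-http endpoint.
foreach ([['https://idp.example/logout', 'a.b.c.d.e'], ['http://idp.example/logout', $idToken]] as [$ep, $tok]) {
    try {
        buildLogoutUrl($ep, $tok, 'https://app.example/bye');
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Run against the value read back from the session just before calling signOut(), this shows whether the stored token was changed between login and logout.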
I have used your library for my Joomla SSO authentication. However, on signout with this library as below, signout is triggered successfully but for some reason I am not logged out. I am still able to access my application without having to sign in again. What am I missing? Thanks in advance