[Aerogear-users] Revoke (logout) token - Android

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Aerogear-users] Revoke (logout) token - Android

Mitja Jesenicnik Kotnik
Hello,

I'm using AeroGear to connect to a Keycloak server and retrieve data. When I tried it for the first time it opened a WebView and promted me to enter my password and username. Then when it was succesful I opened MainActivity.

Now my question is how can I implement the logout functionality, since the app dosen't ask me again for my credentials (username, password) but just sends a succes and opens MainActivity.

Thank you for your help in advance.

Best regards,
Mitja

_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Aerogear-users] Revoke (logout) token - Android

Summers Pittman
We don't have an explicit logout method, but you should be able to delete the session using AuthzModule.deleteAccount().

On Mon, Mar 27, 2017 at 5:11 AM, Mitja Jesenicnik Kotnik <[hidden email]> wrote:
Hello,

I'm using AeroGear to connect to a Keycloak server and retrieve data. When I tried it for the first time it opened a WebView and promted me to enter my password and username. Then when it was succesful I opened MainActivity.

Now my question is how can I implement the logout functionality, since the app dosen't ask me again for my credentials (username, password) but just sends a succes and opens MainActivity.

Thank you for your help in advance.

Best regards,
Mitja

_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users



_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Aerogear-users] Revoke (logout) token - Android

Mitja Jesenicnik Kotnik
Yes, I was able to do that. But the WebView still saved the Cookies for that session, so I had to also delete the Cookies from WebView in Android so that the next time it asked me for the password again. 

On Mon, Mar 27, 2017 at 2:58 PM, Summers Pittman <[hidden email]> wrote:
We don't have an explicit logout method, but you should be able to delete the session using AuthzModule.deleteAccount().

On Mon, Mar 27, 2017 at 5:11 AM, Mitja Jesenicnik Kotnik <[hidden email]> wrote:
Hello,

I'm using AeroGear to connect to a Keycloak server and retrieve data. When I tried it for the first time it opened a WebView and promted me to enter my password and username. Then when it was succesful I opened MainActivity.

Now my question is how can I implement the logout functionality, since the app dosen't ask me again for my credentials (username, password) but just sends a succes and opens MainActivity.

Thank you for your help in advance.

Best regards,
Mitja

_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users



_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users



_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Aerogear-users] Revoke (logout) token - Android

Summers Pittman


On Mon, Mar 27, 2017 at 3:07 PM, Mitja Jesenicnik Kotnik <[hidden email]> wrote:
Yes, I was able to do that. But the WebView still saved the Cookies for that session, so I had to also delete the Cookies from WebView in Android so that the next time it asked me for the password again. 

If you are authenticating against Google's OAuth you don't want to use the WebView.


To make AGDroid Authz use the system browser instead of the WebView you can set withIntent(true) on the configuration.

A special note about OAuth 2 and logging out, AGDroid will remove your session locally in the app, but the OAuth 2 spec does not provide a mechanism for logging you out of the server component.  Because it implements OAuth 2, the library can't support the behavior you are trying to do.  
 

On Mon, Mar 27, 2017 at 2:58 PM, Summers Pittman <[hidden email]> wrote:
We don't have an explicit logout method, but you should be able to delete the session using AuthzModule.deleteAccount().

On Mon, Mar 27, 2017 at 5:11 AM, Mitja Jesenicnik Kotnik <[hidden email]> wrote:
Hello,

I'm using AeroGear to connect to a Keycloak server and retrieve data. When I tried it for the first time it opened a WebView and promted me to enter my password and username. Then when it was succesful I opened MainActivity.

Now my question is how can I implement the logout functionality, since the app dosen't ask me again for my credentials (username, password) but just sends a succes and opens MainActivity.

Thank you for your help in advance.

Best regards,
Mitja

_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users



_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users



_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users



_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Aerogear-users] Revoke (logout) token - Android

Mitja Jesenicnik Kotnik
Hello,

thanks for the info. Now I have a question about deleteAccount. I'm trying too use it, but the method dosen't delete my account when I'm debugging. Here is the screenshot:


_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Aerogear-users] Revoke (logout) token - Android

Summers Pittman

On Tue, Mar 28, 2017 at 7:58 AM, Mitja Jesenicnik Kotnik <[hidden email]> wrote:
Hello,

thanks for the info. Now I have a question about deleteAccount. I'm trying too use it, but the method dosen't delete my account when I'm debugging. Here is the screenshot:

Ha, well that is a bug.

It removes the account from the persistent store but it doesn't seem to remove it from memory.  I'll file a jira.
 

_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users



_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Aerogear-users] Revoke (logout) token - Android

Summers Pittman

On Wed, Mar 29, 2017 at 9:19 AM, Summers Pittman <[hidden email]> wrote:

On Tue, Mar 28, 2017 at 7:58 AM, Mitja Jesenicnik Kotnik <[hidden email]> wrote:
Hello,

thanks for the info. Now I have a question about deleteAccount. I'm trying too use it, but the method dosen't delete my account when I'm debugging. Here is the screenshot:

Ha, well that is a bug.

It removes the account from the persistent store but it doesn't seem to remove it from memory.  I'll file a jira.
 

_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users




_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Aerogear-users] Revoke (logout) token - Android

ashish
In reply to this post by Summers Pittman
In iOS it does not show AuthzModule.deleteAccount() method in swift. I am using Keycloak module to login but logout I am not sure how to do I have the same issue can you please guide me? 

On Mon, Mar 27, 2017 at 6:28 PM, Summers Pittman <[hidden email]> wrote:
We don't have an explicit logout method, but you should be able to delete the session using AuthzModule.deleteAccount().

On Mon, Mar 27, 2017 at 5:11 AM, Mitja Jesenicnik Kotnik <[hidden email]> wrote:
Hello,

I'm using AeroGear to connect to a Keycloak server and retrieve data. When I tried it for the first time it opened a WebView and promted me to enter my password and username. Then when it was succesful I opened MainActivity.

Now my question is how can I implement the logout functionality, since the app dosen't ask me again for my credentials (username, password) but just sends a succes and opens MainActivity.

Thank you for your help in advance.

Best regards,
Mitja

_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users



_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users




--
Ashish Kumar Pandita

_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Aerogear-users] Revoke (logout) token - Android

Summers Pittman


On Sat, Apr 1, 2017 at 11:41 AM, Ashish Kumar Pandita <[hidden email]> wrote:
In iOS it does not show AuthzModule.deleteAccount() method in swift. I am using Keycloak module to login but logout I am not sure how to do I have the same issue can you please guide me? 

OAuth2Session.clearTokens seems to be your method in iOS.

However you will still have the same problems with your webview caching the cookie/login session.
 

On Mon, Mar 27, 2017 at 6:28 PM, Summers Pittman <[hidden email]> wrote:
We don't have an explicit logout method, but you should be able to delete the session using AuthzModule.deleteAccount().

On Mon, Mar 27, 2017 at 5:11 AM, Mitja Jesenicnik Kotnik <[hidden email]> wrote:
Hello,

I'm using AeroGear to connect to a Keycloak server and retrieve data. When I tried it for the first time it opened a WebView and promted me to enter my password and username. Then when it was succesful I opened MainActivity.

Now my question is how can I implement the logout functionality, since the app dosen't ask me again for my credentials (username, password) but just sends a succes and opens MainActivity.

Thank you for your help in advance.

Best regards,
Mitja

_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users



_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users




--
Ashish Kumar Pandita

_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users



_______________________________________________
Aerogear-users mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-users
Loading...