I need to logout from flutter_appauth with a button press in flutter;
This package doesn't have any logout method.
This is my get token code:
appAuth.authorizeAndExchangeCode(AuthorizationTokenRequest(
clientID, redirectUrl,
discoveryUrl: discoveryUrl,
scopes: scopes,
clientSecret: clientSecret
In that package, didn't any solution for this, but this problem solve with two way :
It's your browser so you can clear the browser's cache :)
When you call method for authorizing and exchanges code, there is needed to add an additional parameter called "promptValues" with 'login' value. In this way, every time the login is made there is no value in the cache and it always asks for a new login.
do this :
final AuthorizationTokenResponse result =
await appAuth.authorizeAndExchangeCode(
AuthorizationTokenRequest(
your_client_id,
your_localhost,
promptValues: ['login'],
discoveryUrl:
your_discovery_url,
scopes: [your_scopes],
),
);
There are 2 main options here, and as a first step I would see if you can make the first option work, in line with Mohammad's comment:
OPTION 1: SIMPLE LOGOUT
Just remove any stored tokens from your app. The problem with this is that it does not remove the Authorization Server Session Cookie. So by default you cannot force another login prompt, eg to sign in as a new user. One way around this is to send prompt=login as a parameter when performing the login redirect.
OPTION 2: FULL LOGOUT
A more complete OpenID Connect RP initiated logout involves both of these actions and may require you to dig into AppAuth internals:
There are potential issues, such as intermittent Chrome white screens that fail to return to the app after logout, due to a missing user gesture.
FURTHER INFO
My blog posts have some further details on AppAuth integration, along with code samples you can run, in case any of this is useful. I am using AppAuth libraries directly from Kotlin / Swift, whereas you need to deal with an additional layer of the Flutter Plugin:
I created a method that take care of logging out the user by ending the session like that:
Future<bool> endSession(String idToken) async {
//work like logout method
try {
await appAuth.endSession(EndSessionRequest(
idTokenHint: idToken,
issuer: _issuer,
postLogoutRedirectUrl: _redirectUrl,
allowInsecureConnections: _allowInsecureConnections));
} catch (err) {
print(err);
return false;
}
return true;
}
_issuer will be something like that http://localhost:8080/auth/realms/REALM-NAMEidToken is what you received after login (inside AuthorizationTokenResponse)2021 Update: Just open the logout page with url_launcher like this:
if (await canLaunch(logoutUrl)) {
await launch(logoutUrl);
}
I solved the logout problem with a trick! I open the browser with a logout link. Then redirect to [custom_url]. And get back to the app with an AppLink.
This is how I logout:
Follow this tutorial to create a KeyStore for your app
Get the Certificate fingerprints, SHA256 from the [generated key].jks with this command:
keytool -list -v -keystore [generated key].jks
[
{
"relation": [
"delegate_permission/common.handle_all_urls"
],
"target": {
"namespace": "android_app",
"package_name": "[app.package.name]",
"sha256_cert_fingerprints": [
"The Certificate fingerprints, SHA256 created in step 2."
]
}
}
]
and put it on the
https://[custom_url]/.well-known/assetlinks.json
<application ...>
<activity ...>
<intent-filter android:autoVerify="true" tools:targetApi="m">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:host="[custom_url]"
android:scheme="https" />
</intent-filter>
</activity>
</application>
Future logout() async {
if (await canLaunch(_logoutUrl))
await launch(_logoutUrl);
}
