Hi team,
Need some help regarding the sign-out flow in the ArcGIS SDK for Kotlin. I have successfully logged in using OAuth, but I am unable to find an API or docs on how to sign out. In the Swift code base example, I can see:
    await ArcGISEnvironment.authenticationManager.revokeOAuthTokens()
    await ArcGISEnvironment.authenticationManager.clearCredentialStores()
Link: https://developers.arcgis.com/swift/sample-code/authenticate-with-oauth/
But I am unable to see a similar thing in Android. Need your help on how to achieve the logout flow. The Android authentication manager doesn't have similar functions exposed.
Team, is there any API where I can invalidate the OAuth token?
Hi @DeepamPalaniswami ,
The Kotlin API currently does not expose convenience methods on AuthenticationManager to revoke OAuth tokens and to clear the credential stores. Instead you can do the following:
    suspend fun signOut() {
        // revoke any OAuth tokens
        ArcGISEnvironment.authenticationManager.arcGISCredentialStore.getCredentials().forEach {
            if (it is OAuthUserCredential) {
                lifecycleScope.async {
                    it.revokeToken()
                }
            }
        }
        // clear credential stores
        ArcGISEnvironment.authenticationManager.arcGISCredentialStore.removeAll()
        ArcGISEnvironment.authenticationManager.networkCredentialStore.removeAll()
    }
Hi @GuntherHeppner,
Thanks for the response. I have tried the sign-out flow, but even though it revokes the token and we clear the credentials from the credential store, ArcGIS is still able to get the cached user info.
Kindly refer to the code below:
    ArcGISAuthenticationChallengeHandler { challenge ->
        if (oAuthConfiguration.canBeUsedForUrl(challenge.requestUrl)) {
            val oAuthUserCredential =
                OAuthUserCredential.create(oAuthConfiguration) { oAuthUserSignIn ->
                    oAuthUserSignInViewModel.promptForOAuthUserSignIn(oAuthUserSignIn)
                }.getOrThrow()
            ArcGISAuthenticationChallengeResponse.ContinueWithCredential(oAuthUserCredential)
        } else {
            ArcGISAuthenticationChallengeResponse.ContinueAndFailWithError(
                UnsupportedOperationException()
            )
        }
    }
oAuthUserCredential always gets back the OAuth user info, even after I sign out.
I had also tried revoking the token using the API before I got your reply. It returns success, but it never seems to clean up.
https://developers.arcgis.com/rest/users-groups-and-items/revoke-token.htm
Is there something I am missing? I referred to the sample authenticate-with-oauth for my implementation. I used Custom Chrome Tabs as suggested in the sample.
It would be great if you could help me with this.
@DeepamPalaniswami - judging from your attached video, you are signing in via OAuth with an enterprise login. The login browser window (Custom Chrome Tab) will cache the sign in data, but the Maps SDK does not have any control over that, thus cannot clear the cached browser data on sign out. You would need to do this explicitly as you sign out. Please try the Android webkit CookieManager API as follows:
    CookieManager.getInstance().removeAllCookies(null)
Possibly I need to try with WebView instead of Custom Tabs, as we cannot clear the cache in Custom Tabs. I will keep you posted with my changes. Thanks.
Thanks @DeepamPalaniswami . Please keep us posted. We are investigating this issue on our side as well.