Community
Select to view content in your preferred language

signout or Logout in Android App using OAuth

1152
6
06-18-2023 07:11 PM
DeepamPalaniswami
by
Occasional Contributor
‎06-18-2023 07:11 PM

Hi team,

Need some help reg the Signout flow in ArcGIS SDK for kotlin. I have successfully logined using OAuth, but I am unable to find some API or docs in reference to how to sign out. In Swift code base example, I can see 

ArcGISEnvironment.authenticationManager.revokeOAuthTokens() await ArcGISEnvironment.authenticationManager.clearCredentialStores()

Link: https://developers.arcgis.com/swift/sample-code/authenticate-with-oauth/

But unable to see similar thing in Android. Need your help on how to achieve the logout flow. Android Authentication manager doesn't have similar functions exposed.


0 Kudos
6 Replies
DeepamPalaniswami
by
Occasional Contributor
‎06-19-2023 05:06 PM

Team, Is there any API where I can invalidate the Oauth token?

0 Kudos
GuntherHeppner
by Esri Contributor
Esri Contributor
‎06-20-2023 02:48 AM

Hi @DeepamPalaniswami ,

The Kotlin API currently does not expose convenience methods on AuthenticationManager to revoke OAuth tokens and to clear the credential stores. Instead you can do the following:

suspend fun signOut() {
  // revoke any OAuth tokens
  ArcGISEnvironment.authenticationManager.arcGISCredentialStore.getCredentials().forEach {
    if (it is OAuthUserCredential) {
      lifecycleScope.async {
        it.revokeToken()
      }
    }
  }
  
  // clear credential stores
  ArcGISEnvironment.authenticationManager.arcGISCredentialStore.removeAll()
  ArcGISEnvironment.authenticationManager.networkCredentialStore.removeAll()
}

 

0 Kudos
DeepamPalaniswami
by
Occasional Contributor
‎06-20-2023 06:33 PM

HI @GuntherHeppner ,

Thanks for the response. I have tried the signout flow, but even though it revokes the token and we clear credentials from credentialstore, argGIS is able to get the user info cached up.

Kindly refer the below code:

ArcGISAuthenticationChallengeHandler { challenge ->
    if (oAuthConfiguration.canBeUsedForUrl(challenge.requestUrl)) {
        val oAuthUserCredential =
            OAuthUserCredential.create(oAuthConfiguration) { oAuthUserSignIn ->
                oAuthUserSignInViewModel.promptForOAuthUserSignIn(oAuthUserSignIn)
            }.getOrThrow()

        ArcGISAuthenticationChallengeResponse.ContinueWithCredential(oAuthUserCredential)
    } else {
        ArcGISAuthenticationChallengeResponse.ContinueAndFailWithError(
            UnsupportedOperationException()
        )
    }
}

oAuthUserCredential is always gets back the Oauth user info even after I signout.

I have also tried revoking token using API before I got your reply. it returns success. But It seems never cleanup.

https://developers.arcgis.com/rest/users-groups-and-items/revoke-token.htm

Is there something I miss ?. I referred the sample example authenticate-with-oauth for my Implementation. I used the customChromeTabs as suggested in sample.

It would be great if you can help me with.


 

Preview file
2752 KB
0 Kudos
GuntherHeppner
by Esri Contributor
Esri Contributor
‎06-22-2023 05:28 AM

@DeepamPalaniswami - judging from your attached video, you are signing in via OAuth with an enterprise login. The login browser window (Custom Chrome Tab) will cache the sign in data, but the Maps SDK does not have any control over that, thus cannot clear the cached browser data on sign out. You would need to do this explicitly as you sign out. Please try the Android webkit CookieManager API as follows:

CookieManager.getInstance().removeAllCookies(null)
0 Kudos
DeepamPalaniswami
by
Occasional Contributor
‎07-03-2023 07:11 PM

Possibly i need to try with Webiview instead of custom tabs as we cannot clear the cache in custom tabs. I willl keep you posted with my changes. Thanks.

0 Kudos
GuntherHeppner
by Esri Contributor
Esri Contributor
‎07-05-2023 01:36 AM

Thanks @DeepamPalaniswami . Please keep us posted. We are investigating this issue on our side as well.

0 Kudos