
signout or Logout in Android App using OAuth

06-18-2023 07:11 PM
DeepamPalaniswami
New Contributor III

Hi team,

Need some help regarding the sign-out flow in the ArcGIS SDK for Kotlin. I have successfully logged in using OAuth, but I am unable to find any API or docs on how to sign out. In the Swift code base example, I can see:

await ArcGISEnvironment.authenticationManager.revokeOAuthTokens()
await ArcGISEnvironment.authenticationManager.clearCredentialStores()

Link: https://developers.arcgis.com/swift/sample-code/authenticate-with-oauth/

But I am unable to see a similar thing in Android. Need your help on how to achieve the logout flow. The Android AuthenticationManager doesn't have similar functions exposed.


0 Kudos
6 Replies
DeepamPalaniswami
New Contributor III

Team, is there any API where I can invalidate the OAuth token?

0 Kudos
GuntherHeppner
Esri Contributor

Hi @DeepamPalaniswami ,

The Kotlin API currently does not expose convenience methods on AuthenticationManager to revoke OAuth tokens and to clear the credential stores. Instead you can do the following:

suspend fun signOut() {
    // revoke any OAuth tokens
    ArcGISEnvironment.authenticationManager.arcGISCredentialStore.getCredentials().forEach {
        if (it is OAuthUserCredential) {
            lifecycleScope.async {
                it.revokeToken()
            }
        }
    }

    // clear credential stores
    ArcGISEnvironment.authenticationManager.arcGISCredentialStore.removeAll()
    ArcGISEnvironment.authenticationManager.networkCredentialStore.removeAll()
}

0 Kudos
DeepamPalaniswami
New Contributor III

Hi @GuntherHeppner,

Thanks for the response. I have tried the sign-out flow, but even though it revokes the token and we clear credentials from the credential store, ArcGIS is able to get the cached user info.

Kindly refer to the code below:

ArcGISAuthenticationChallengeHandler { challenge ->
    if (oAuthConfiguration.canBeUsedForUrl(challenge.requestUrl)) {
        val oAuthUserCredential =
            OAuthUserCredential.create(oAuthConfiguration) { oAuthUserSignIn ->
                oAuthUserSignInViewModel.promptForOAuthUserSignIn(oAuthUserSignIn)
            }.getOrThrow()

        ArcGISAuthenticationChallengeResponse.ContinueWithCredential(oAuthUserCredential)
    } else {
        ArcGISAuthenticationChallengeResponse.ContinueAndFailWithError(
            UnsupportedOperationException()
        )
    }
}

oAuthUserCredential always gets back the OAuth user info even after I sign out.

I had also tried revoking the token using the API before I got your reply. It returns success, but it never seems to clean up.

https://developers.arcgis.com/rest/users-groups-and-items/revoke-token.htm

Is there something I am missing? I referred to the sample authenticate-with-oauth for my implementation. I used the Custom Chrome Tabs as suggested in the sample.

It would be great if you could help me with this.

0 Kudos
GuntherHeppner
Esri Contributor

@DeepamPalaniswami - judging from your attached video, you are signing in via OAuth with an enterprise login. The login browser window (Custom Chrome Tab) will cache the sign in data, but the Maps SDK does not have any control over that, thus cannot clear the cached browser data on sign out. You would need to do this explicitly as you sign out. Please try the Android webkit CookieManager API as follows:

CookieManager.getInstance().removeAllCookies(null)
0 Kudos
DeepamPalaniswami
New Contributor III

Possibly I need to try with WebView instead of Custom Tabs, as we cannot clear the cache in Custom Tabs. I will keep you posted with my changes. Thanks.

0 Kudos
GuntherHeppner
Esri Contributor

Thanks @DeepamPalaniswami. Please keep us posted. We are investigating this issue on our side as well.

0 Kudos
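
The sign-out steps from the replies above combined into one function, as an added example that is not code from the thread or from Esri: it waits for each revokeToken() call to finish before clearing the stores, then clears the app's WebView cookies. `SignOutResult` and `signOutEverywhere` are hypothetical names, and it assumes `revokeToken()` returns `Result<Unit>` and that the sign-in page runs in the app's own WebView, because `android.webkit.CookieManager` does not reach cookies kept by a separate browser that backs a Custom Tab.

```kotlin
import android.webkit.CookieManager
import com.arcgismaps.ArcGISEnvironment
import com.arcgismaps.httpcore.authentication.OAuthUserCredential
import kotlin.coroutines.resume
import kotlinx.coroutines.Dispatchers
import kotlinx.coroutines.suspendCancellableCoroutine
import kotlinx.coroutines.withContext

// Hypothetical result type for this example (not part of the SDK).
data class SignOutResult(val revocationFailures: Int, val cookiesRemoved: Boolean)

// Hypothetical helper combining the steps from the replies above.
suspend fun signOutEverywhere(): SignOutResult {
    val authManager = ArcGISEnvironment.authenticationManager

    // Revoke each OAuth token and wait for the server call to finish, so a
    // failed revocation is reported to the caller instead of being dropped.
    // Assumption: revokeToken() is a suspend function returning Result<Unit>.
    val failures = authManager.arcGISCredentialStore.getCredentials()
        .filterIsInstance<OAuthUserCredential>()
        .count { it.revokeToken().isFailure }

    // Drop the local copies whether or not revocation succeeded.
    authManager.arcGISCredentialStore.removeAll()
    authManager.networkCredentialStore.removeAll()

    // Clear the identity provider's session cookies from the app's WebView
    // cookie store. The callback is delivered on the calling thread's Looper,
    // so the call is made from the main thread.
    val cookiesRemoved = withContext(Dispatchers.Main) {
        suspendCancellableCoroutine<Boolean> { continuation ->
            CookieManager.getInstance().removeAllCookies { removed ->
                if (continuation.isActive) continuation.resume(removed)
            }
        }
    }
    CookieManager.getInstance().flush() // persist the emptied cookie store

    return SignOutResult(failures, cookiesRemoved)
}
```

A non-zero `revocationFailures` means a token may still be valid on the server even though the local stores are empty, so the caller should log it or retry the revocation.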