auth0/auth0-vue

Logout when multiple tabs opened

sayanthk-perfagents opened this issue · 4 comments

When the application is opened in multiple tabs and then after logout from one tab , I am able to get the access token silently in the other tab and make API requests.

It looks like the tabs are not in sync. When I change the cacheLocation property value to localstorage then it is working fine. But I know that is not a good thing to do.

Thanks for reaching out, can you elaborate a bit on your situation? How are you configuring the SDK? Are you perhaps using refresh tokens or localOnly logout?

@frederikprijck This is how I am initializing the sdk

const auth = createAuth0({
  domain: process.env.VUE_APP_AUTH0_DOMAIN,
  client_id: process.env.VUE_APP_AUTH0_CLIENT_ID,
  redirect_uri: process.env.VUE_APP_AUTH0_CALLBACK,
  audience: process.env.VUE_APP_AUTH0_AUDIENCE,
});

I am using the method getAccessTokenSilently() to get the tokens

What looks like is happening is the fact that logging out in one tab, does not clear the memory cache of other tabs. We do clear localStorage when using localStorage, which is why it does work when you use localStorage.

As our SDK does not clear memory-cache, you could sync multiple tabs yourself or rely on local-storage.

In the meanwhile, I will have a look if there has been any change on auth0/auth0-spa-js#136, but syncing tabs can get complicated and won't always work, and it's something that could be implemented in user-land by communicating between tabs and calling logout({ localOnly: true }).

After having a conversation internally, we believe that what is mentioned above is still our current advice.