Revoke Access Token On Signout?

Question

Revoke Access Token On Signout?

sheeeng opened this issue 3 years ago · 6 comments

sheeeng commented 3 years ago

Does this library support revokeAccessTokenOnSignout: true?

If it is not supported, how can we workaround it using this library?

Answer 1 · 2021-08-23T07:12:52.000Z

Hello, thank you for using oidc-react.

You can use this with a custom provider, like so:

import React from 'react';
import { UserManager, AuthProvider } from 'oidc-react';

const userManager = new UserManager({
 revokeAccessTokenOnSignout: true,
 // ... set your config here
});

export const HelloComponent: React.FC = () => (
	<AuthProvider userManager={userManager}>
	{/* ... */}
	</AuthProvider>
);

Answer 2 · 2021-08-23T07:28:50.000Z

Closing this 👍

Answer 3 · 2021-08-23T08:30:34.000Z

Thank you for the clarification.

Which client ID will the library uses with the following code?

Should all the related OIDC properties moved into UserManager instead of residing inside AuthProviderProps?

Should we use <AuthProvider userManager={userManager}> or <AuthProvider {...OidcConfiguration}> for this example?

const customUserManager = new UserManager({
  revokeAccessTokenOnSignout: true,
  client_id: process.env.REACT_APP_CLIENT_ID,
  // ... set your config here
});

export const OidcConfiguration: AuthProviderProps = {
  onSignIn: async (user: any) => {
    console.log('Signed in! User is: ', user);
    window.location.hash = '';
  },
  userManager: customUserManager,
  autoSignIn: false,
  clientId: process.env.REACT_APP_CLIENT_ID,
  // ... set your config here
}

export const HelloComponent: React.FC = () => (
	<AuthProvider userManager={userManager}> // or <AuthProvider {...OidcConfiguration}> ?
	{/* ... */}
	</AuthProvider>
);

Answer 4 · 2021-08-23T08:36:16.000Z

Yes! Sorry for being unclear about that, but you're right. You have to move the other arguments.

Answer 5 · 2021-08-23T08:40:01.000Z

In other words, UserManager take precedence over AuthProviderProps.

We should use <AuthProvider userManager={userManager}> instead of <AuthProvider {...OidcConfiguration}> in this example, right?

But, how to use autoSignIn: false from AuthProviderProps? How do I workaround it while using UserManager?

Answer 6 · 2021-08-23T08:51:30.000Z

In other words, UserManager take precedence over AuthProviderProps.

We should use <AuthProvider userManager={userManager}> instead of <AuthProvider {...OidcConfiguration}> in this example, right?

Yes :-)

But, how to use autoSignIn: false from AuthProviderProps? How do I workaround it while using UserManager?

autoSignIn still is used. 👍