logout() makes undesirable fetch request

Question

logout() makes undesirable fetch request

pangolingo opened this issue 5 years ago · 14 comments

When I call solid.auth.logout(), it makes a fetch request to /.well-known/solid/logout. When I'm writing frontend-only code (like a demo on Codepen), I'd prefer that this request did not occur. There is no backend set up to handle the request.

Would it be possible to add an option to disable this logout request?

Answer 1 · 2019-03-27T20:55:30.000Z

Ehm, but that is kind of the purpose of .logout() 🙂
Why just not call it?

Answer 2 · 2019-03-27T20:58:25.000Z

Is there a spec for what is expected in /.well-known/solid/* files?

Answer 3 · 2019-03-27T20:59:55.000Z

Why just not call it? Because being logged in separate windows can mess up logins, it is sometimes necessary to logout() first.

Answer 4 · 2019-03-27T21:00:05.000Z

Is there a spec for what is expected in /.well-known/solid/* files?

No, but we don't need it at the moment. It's all derived from /.well-known/openid-configuration (and the latter does have a spec).

Answer 5 · 2019-03-27T21:00:37.000Z

it is sometimes necessary to logout() first.

Agreed, but to execute that action, we need to send the request. You're asking the lib to log out, so the lib delivers.

Answer 6 · 2019-03-27T21:05:47.000Z

In my use case (building a Solid demo app on Codepen), I expect logout() to log me out of the Solid identity provider. And it does, so that's functioning properly.

It's this expectation of having a local server that threw me off. This doesn't break anything: the fetch call is properly wrapped in a try/catch. It just feels odd.

Answer 7 · 2019-03-27T21:07:06.000Z

Perhaps indicate in the warning message that it's not an error? Something like"no .well-known was found, so skipped"

Answer 8 · 2019-03-27T21:10:05.000Z

It's this expectation of having a local server that threw me off. This doesn't break anything: the fetch call is properly wrapped in a try/catch. It just feels odd.

I'm not entirely sure what you mean. There is no local server expectation, only an identity provider. What unexpected request happened? (perhaps with full URL?)

Answer 9 · 2019-03-27T21:10:47.000Z

It throws some people off to see the message. For example, jeff-zucker/solid-file-client#24 is asking the same question as this issue.

Answer 10 · 2019-03-27T21:11:58.000Z

solid-auth-client doesn't guess that location; it gets it from the server. So jeff-zucker/solid-file-client#24 seems like a misconfigured server.

Answer 11 · 2019-03-27T21:14:22.000Z

It can occur with apps run from localhost so missing rather than misconfigured.

Answer 12 · 2019-03-27T21:16:02.000Z

Same with the case of codepen - their server isn't misconfigured, it's just not solid-ready.

Answer 13 · 2019-03-27T21:16:53.000Z

Okay, I was confused here. Apparently /.well-known/solid/logout is hard-coded on the client (https://github.com/solid/solid-auth-client/blob/v2.3.0/src/webid-oidc.js#L75). I was assuming the server pointed to that location (as it should, because this is a total hack).

Answer 14 · 2019-03-27T21:23:04.000Z

Yeah, upon closer examination, we have no choice but to use that hack with the current OIDC libraries. We could add a warning when it 404s, as @jeff-zucker suggested, but that's the best we have (PR welcome).