Merge pull request #1132 from umbraco/feature/signout-on-server

kjac · web-flow · commit c740bff68884 · 2024-01-23T09:49:30.000+01:00
Sign out on server
diff --git a/src/apps/app/app.element.ts b/src/apps/app/app.element.ts
@@ -77,8 +77,8 @@ export class UmbAppElement extends UmbLitElement {
 	async #setup() {
 		if (this.serverUrl === undefined) throw new Error('No serverUrl provided');
 
-		/* All requests to the server requires the base URL to be set. 
-		We make sure it happens before we get the server status. 
+		/* All requests to the server requires the base URL to be set.
+		We make sure it happens before we get the server status.
 		TODO: find the right place to set this
 		*/
 		OpenAPI.BASE = this.serverUrl;
@@ -93,7 +93,7 @@ export class UmbAppElement extends UmbLitElement {
 			// If the runtime level is "install" we should clear any cached tokens
 			// else we should try and set the auth status
 			if (this.#serverConnection.getStatus() === RuntimeLevelModel.INSTALL) {
-				await this.#authContext.signOut();
+				await this.#authContext.clearTokenStorage();
 			} else {
 				await this.#setAuthStatus();
 			}
diff --git a/src/packages/user/current-user/modals/current-user/current-user-modal.element.ts b/src/packages/user/current-user/modals/current-user/current-user-modal.element.ts
@@ -54,10 +54,7 @@ export class UmbCurrentUserModalElement extends UmbLitElement {
 
 	private async _logout() {
 		if (!this.#authContext) return;
-		await this.#authContext.signOut();
-		let newUrl = this.#appContext ? `${this.#appContext.getBackofficePath()}/login` : '/';
-		newUrl = newUrl.replace(/\/\//g, '/');
-		location.href = newUrl;
+		this.#authContext.signOut();
 	}
 
 	render() {
diff --git a/src/shared/auth/auth-flow.ts b/src/shared/auth/auth-flow.ts
@@ -223,38 +223,57 @@ export class UmbAuthFlow {
 		return !!this.#accessTokenResponse && this.#accessTokenResponse.isValid();
 	}
 
+	/**
+	 * Forget all cached token state
+	 */
+	async clearTokenStorage() {
+		await this.#storageBackend.removeItem(TOKEN_RESPONSE_NAME);
+
+		// clear the internal state
+		this.#accessTokenResponse = undefined;
+		this.#refreshToken = undefined;
+	}
+
 	/**
 	 * This method will sign the user out of the application.
 	 */
 	async signOut() {
-		// forget all cached token state
-		await this.#storageBackend.removeItem(TOKEN_RESPONSE_NAME);
+		const signOutPromises: Promise<unknown>[] = [];
 
+		// revoke the access token if it exists
 		if (this.#accessTokenResponse) {
-			// TODO: Enable this when the server supports it
-			// const tokenRevokeRequest = new RevokeTokenRequest({
-			// 	token: this.#accessTokenResponse.accessToken,
-			// 	client_id: this.#clientId,
-			// 	token_type_hint: 'access_token',
-			// });
-
-			// await this.#tokenHandler.performRevokeTokenRequest(this.#configuration, tokenRevokeRequest);
+			const tokenRevokeRequest = new RevokeTokenRequest({
+				token: this.#accessTokenResponse.accessToken,
+				client_id: this.#clientId,
+				token_type_hint: 'access_token',
+			});
 
-			this.#accessTokenResponse = undefined;
+			signOutPromises.push(this.#tokenHandler.performRevokeTokenRequest(this.#configuration, tokenRevokeRequest));
 		}
 
+		// revoke the refresh token if it exists
 		if (this.#refreshToken) {
-			// TODO: Enable this when the server supports it
-			// const tokenRevokeRequest = new RevokeTokenRequest({
-			// 	token: this.#refreshToken,
-			// 	client_id: this.#clientId,
-			// 	token_type_hint: 'refresh_token',
-			// });
-
-			// await this.#tokenHandler.performRevokeTokenRequest(this.#configuration, tokenRevokeRequest);
+			const tokenRevokeRequest = new RevokeTokenRequest({
+				token: this.#refreshToken,
+				client_id: this.#clientId,
+				token_type_hint: 'refresh_token',
+			});
 
-			this.#refreshToken = undefined;
+			signOutPromises.push(this.#tokenHandler.performRevokeTokenRequest(this.#configuration, tokenRevokeRequest));
 		}
+
+		// clear the internal token state
+		signOutPromises.push(this.clearTokenStorage());
+
+		// wait for all promises to settle before continuing
+		await Promise.allSettled(signOutPromises);
+
+		// clear the session on the server as well
+		// this will redirect the user to the end session endpoint of the server
+		// which will redirect the user back to the client
+		// and the client will then try and log in again (if the user is not logged in)
+		// which will redirect the user to the login page
+		location.href = `${this.#configuration.endSessionEndpoint}?post_logout_redirect_uri=${this.#redirectUri}`;
 	}
 
 	/**
diff --git a/src/shared/auth/auth.context.interface.ts b/src/shared/auth/auth.context.interface.ts
@@ -34,6 +34,11 @@ export interface IUmbAuthContext {
 	 */
 	getLatestToken(): Promise<string>;
 
+	/**
+	 * Clears the token storage.
+	 */
+	clearTokenStorage(): Promise<void>;
+
 	/**
 	 * Signs the user out by removing any tokens from the browser.
 	 */
diff --git a/src/shared/auth/auth.context.ts b/src/shared/auth/auth.context.ts
@@ -65,6 +65,14 @@ export class UmbAuthContext extends UmbBaseController implements IUmbAuthContext
 		return this.#authFlow.performWithFreshTokens();
 	}
 
+	/**
+	 * Clears the token storage.
+	 * @memberof UmbAuthContext
+	 */
+	clearTokenStorage() {
+		return this.#authFlow.clearTokenStorage();
+	}
+
 	/**
 	 * Signs the user out by removing any tokens from the browser.
 	 * @return {*}  {Promise<void>}
