InAppBrowser, OAuth, Cookies


#1

I implemented an OAuth flow using InAppBrowser. Everything works fine, I get my code and can exchange it for an access_token to make API calls.

Problem is, that even if I revoke that access_token, on the next go through the OAuth flow I am automatically logged in and redirected back to my app again with a new access_token instead of me having to log in again - and I can’t find a way to disable this.

Any idea what I am doing wrong or what I should do different?

(When I close and restart the app the cookies/session are gone and I have to login again as it should be)

Here is my InAppBrowser:

const browserRef = window.cordova.InAppBrowser.open(
            url,
            "_blank",
            "location=yes, clearsessioncache=yes, clearcache=yes"
      );

I thought clearsessioncache=yes, clearcache=yes would make sure that there were no cookies when I open the InAppBrowser again :frowning:

(I am testing on a real Android device)


#2

One “workaround” (or lets call it what it is: a dirty hack): I can open the logout URL of the web app I am using in a hidden InAppBrowser on logout. This overwrites the cookies, I can then do the normal OAuth flow again and log in a different user.


#3

It does, but only if you remove the spaces:

The options string must not contain any blank space, and each feature’s name/value pairs must be separated by a comma.

https://cordova.apache.org/docs/en/latest/reference/cordova-plugin-inappbrowser/#cordovainappbrowseropen