This may not be relevant to Ionic. I am not sure. But I have an Ionic app and I am trying to implement Logout functionality, which doesn’t seem to be working, so I thought of checking here to see if anybody else is in the same boat and how they resolved it.
So, in my app I am using Microsoft Azure Active Directory (AAD) for authentication. And I am using something called Azure Mobile App (one of the Azure App Service products) for authentication. The login part is working fine. However, for the logout part, it does appear to be successful, but when I launch the app again it logs me in directly instead of showing the login page.
As I mentioned in the beginning, this may not be Ionic related. And I am trying to find more information from Azure forums too. And, while I do that, I thought of trying to clear the cache/cookies (of course, if they exist) in the Ionic app to see if that helps.
I came across some forums/posts that talk about window.cache.clear() or window.cookies.clear(). But not completely sure on how to do it.
For example, I am not sure what that window refers to in Ionic. Is it like I just declare it as declare var window: any;?
Any pointers/suggestions/help will be a great help.
@Sujan12 - I am not sure what you mean by “other app”.
Following is the flow of my app:
1. User logs into the app
   a) The app connects to Azure Mobile App and calls login() method on it.
   b) The Azure Mobile App in turn, internally (no coding on my part), goes against Azure Active Directory to authenticate the user.
   c) Upon successful authentication, the Azure Mobile App returns with an access_token.
   d) login() on Azure Mobile App returns a Promise so in resolve() of the returned Promise, I store this access_token in ionic/storage.
2. Upon successful login, the user does whatever they need to do in the app.
3. Once done, the user clicks/taps on “Logout” in the app.
   a) On logout, the app connects back to Azure Mobile App and calls logout() method on it.
   b) Like login(), logout() also returns a Promise. So, in the resolve() of this Promise I remove the previously stored access_token from ionic/storage.
That’s how the flow is currently.
The problem I am facing is that on the next launch of the app, the user is supposed to be presented with Login Page but that doesn’t happen. The user is taken to the Home Page of the app.
I am unable to figure out how in the world the app is able to get the access_token and authenticate the user.
Since the user is not getting the Login Page, it might be possible that the logout() method on Azure Mobile App doesn’t work. I am trying to figure that out separately; the lack of good documentation from Microsoft is making it way difficult, but that’s a different story and forum to creep about.
Or the other possibility could be that the access_token that the Ionic App got in the first place (which I stored in ionic/storage and later removed on successful logout) is not being removed from the device. This brings me back to the first question I posted in another post previously and then some more:
Where does the Ionic App store the received access_token on the device?
How do I get hold of that location? And then how do I clear it?
Is there any type of cache that Ionic maintains internally? If yes, then how do I clear it?
Since the Ionic Hybrid App runs in a browser on the device, does it use some sort of Cookies? If yes, how do I clear them?
Would appreciate it if you could please provide information or some pointers on how I can obtain this information.
Why are you doing this? The reason for storing in storage is so the information persists after logout. If you only need one session’s worth of information, just use the token provided by Azure.
I think you’re going to have better luck asking people familiar with Azure. A completely uninformed look at this issue makes me wonder whether logout actually does anything at all, the logout e2e test doesn’t look like it actually tests anything, and the source looks like all it does is null out a currentUser property, with no server interaction.
Connecting accounts like that should be handled at the auth backend. Is there really no Azure API that does this? It’s pretty standard – connecting a Google+ login and a Twitter login to the same account, for example.
Right @rapropos, I am indeed trying to get some more info in Azure forums and docs.
Thanks for taking the time to go look at azure’s library and pointing to the exact code, very much appreciated!
My intention for creating a post here is to get some insights into Ionic’s internals on storing tokens, etc., if I may say so. Mainly, the question at the end of my reply to @Sujan12:
Where does the Ionic App store the received access_token on the device?
How do I get hold of that location? And then how do I clear it?
Is there any type of cache that Ionic maintains internally? If yes, then how do I clear it?
Since the Ionic Hybrid App runs in a browser on the device, does it use some sort of Cookies? If yes, how do I clear them?
@AaronSterling - on the contrary, I am thinking that it’s the Ionic App and device that is maintaining this token internally somehow somewhere.
All Azure is doing is authenticating the user and returning with a token. I am not saying that Azure will/can not have issues in logout. But that’s the topic I would follow up with Microsoft/Azure users.
My questions are purely Ionic specific. I provided the Azure information only so that you get a context on where I am coming from and why I am having these questions.
I understand my questions may not have answers. In that case, I am hoping I will be told so clearly, so that I don’t waste my time as well as that of the people in this forum.
It doesn’t, unless you explicitly ask it to. If you are using the InAppBrowser, then that’s a separate issue outside the confines of what we (well, I at least) think of as “the Ionic App”, and this issue strongly suggests that you not use IAB for Azure. This moots your second question, and the answer to the other two is “for all practical purposes, no”.
Because, and correct me if I am wrong, once Azure returns with the access_token, its role is over. The app and/or Ionic Framework and/or device is storing that access_token somewhere.
Is it not the same with any other authentication services? Once they authenticate the user and return the token they are out of the picture from the app’s perspective unless you are explicitly invoking something using that service from the app (like authorization, logout, etc.).
Azure has some contract with the browser under the hood. Ionic is not involved. That’s the case for other authentication services too, e.g., Firebase Auth. I can’t say it’s true for all services, but it’s pretty common. You’re giving an app more power than it actually has. It runs in a portion of a browser.
That depends. If you call some logic outside of your app again, and there is some “remember” mechanism (session or cookie in app browser or external browser for example) you might see nothing, but effectively it is a new login.
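The "remember" mechanism described in the last replies, as an added example that is not part of the thread and is not Ionic or Azure code: a constructed TypeScript model in which the app's own storage and the browser's cookie jar are separate stores, so removing the app's copy of the token does not end the remembered sign-in session. All names (`Device`, `providerSignIn`, `idp_session` and the rest) are hypothetical, and the model assumes the app calls login on every launch.

```typescript
// Constructed model; no Ionic, Cordova or Azure API is used or implied.
type Store = { [key: string]: string };

interface Device {
  appStorage: Store;     // what the app wrote itself (its copy of access_token)
  browserCookies: Store; // owned by the webview/browser that showed the sign-in page
}

let issued = 0;

// Hypothetical provider sign-in page: a remembered session skips the form.
// Returns null when the login form is shown and nobody fills it in.
function providerSignIn(d: Device, userEntersPassword: boolean): string | null {
  if (!("idp_session" in d.browserCookies)) {
    if (!userEntersPassword) return null;
    d.browserCookies["idp_session"] = "constructed-session-id";
  }
  issued += 1;
  return "constructed-token-" + issued;
}

// Assumption: the app calls login on launch and keeps the token it gets back.
function appLogin(d: Device, userEntersPassword: boolean): boolean {
  const token = providerSignIn(d, userEntersPassword);
  if (token === null) return false;
  d.appStorage["access_token"] = token;
  return true;
}

// Logout as described in the thread: only the app's own copy is removed.
function logoutAppOnly(d: Device): void {
  delete d.appStorage["access_token"];
}

// Logout that also ends the session remembered on the browser side.
function logoutFull(d: Device): void {
  logoutAppOnly(d);
  delete d.browserCookies["idp_session"];
}

// Login, logout, relaunch: is the login page shown on the relaunch?
function loginPageShownAfter(logout: (d: Device) => void): boolean {
  const d: Device = { appStorage: {}, browserCookies: {} };
  appLogin(d, true);
  logout(d);
  return !appLogin(d, false);
}
```

`loginPageShownAfter(logoutAppOnly)` returns `false` (the relaunch signs in silently with a fresh token), while `loginPageShownAfter(logoutFull)` returns `true`.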