jsusen
(Jindřich Sušeň)
February 7, 2024, 2:40pm
1
login to Origam. Then log out by pressing the button in the top right corner drop down.
Try to log in again => you are logged in and then logged out immediately.
You cannot login any more unless you clear the session store in the browser.
jsusen
(Jindřich Sušeň)
February 7, 2024, 2:42pm
2
The issue is caused by an undocumented change in the oidc-client-ts
package v3.0.0.
opened 08:02AM - 02 Feb 24 UTC
documentation
To logout I use the[ signoutRedirect method of the UserManager](https://authts.g… ithub.io/oidc-client-ts/classes/UserManager.html#signoutRedirect).
That worked perfectly fine with version 2.4.0.
With version 3.0.0 the user is no longer properly logged out.
oidc-client-ts correctly redirects the user agent to the auth server with id_token_hint and post_logout_redirect_uri.
The auth server performs the logout as usual and redirects the user agent back to the application.
The difference compared to version 2.4.0 is, that the UserManager still holds a user object, accesible by the [getUser method](https://authts.github.io/oidc-client-ts/classes/UserManager.html#getUser).
Causing the issue should be the removal of [this line in the _signoutStart method](https://github.com/authts/oidc-client-ts/blob/v2.4.0/src/UserManager.ts#L552).
Is this a bug or should I change some things in my application?