
Flutter app: How to implement a proper logout function?

I have a Flutter app using Azure B2C authentication. To achieve this I use the Flutter appAuth package. The login process works fine, but appAuth does not provide a logout functionality. After logging in I get an access token. Until now my logout was to delete this access token.

The problem is that Azure requires a web app session lifetime of at least 15 minutes in the SignIn user flow. This means: if a user logs in and out within 15 minutes, he will automatically be logged in again. This makes a login with another user impossible.

I hope to fix this behavior with a real logout instead of only deleting the access tokens. I found the following line of code in the Azure Active Directory documentation, but I cannot manage to get it running. Any suggestions for a logout function?

GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/logout?post_logout_redirect_uri=https%3A%2F%2Fjwt.ms%2F
Pilouni asked Nov 16 '22 14:11


1 Answer

I followed the source below to implement the logout function below using appAuth, written by David White.

// Requires: import 'dart:io' show Platform;
Future<void> _logOut() async {
  try {
    // For some reason the API works differently on iOS and Android.
    // Nullable so the code compiles under null safety when neither
    // platform branch assigns it.
    Map<String, String>? additionalParameters;
    if (Platform.isAndroid) {
      // Works on Android, but will miss the p parameter when redirected
      // back to authorize on iOS.
      additionalParameters = {
        "id_token_hint": _idToken,
        "post_logout_redirect_uri": _redirectUrl
      };
    } else if (Platform.isIOS) {
      // With the p parameter when redirected back to authorize on iOS.
      additionalParameters = {
        "id_token_hint": _idToken,
        "post_logout_redirect_uri": _redirectUrl,
        'p': '<tenantID>'
      };
    }
    // Re-run the authorization flow with prompt=login, passing the
    // logout parameters along.
    await appAuth.authorizeAndExchangeCode(
      AuthorizationTokenRequest(
        _clientId,
        _redirectUrl,
        promptValues: ['login'],
        discoveryUrl: _discoveryURL,
        additionalParameters: additionalParameters,
        scopes: _scopes,
      ),
    );
  } catch (e) {
    print(e);
  }
  // Drop the locally held token regardless of the outcome above.
  setState(() {
    _jwt = null;
  });
}

source: https://www.detroitdave.dev/2020/04/simple-azure-b2c-flutter.html

Lobo answered Jan 27 '23 23:01
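
An added example (not part of the question or the answer above): a plain Dart helper that builds the end-session URL from the template quoted in the question, optionally carrying the `id_token_hint` parameter the answer sends. The function name `buildB2cLogoutUri` and the values `contoso` and `B2C_1_signin` are constructed for illustration; the resulting URL still has to be opened in the same browser session that holds the B2C sign-in cookie.

```dart
// Added example. Uses only dart:core, so it runs with `dart run`.
// Tenant and policy names below are constructed sample values.

// Tenant and policy end up in the host and path, so only allow
// characters that cannot change the structure of the URL.
final RegExp _safeName = RegExp(r'^[A-Za-z0-9_-]+$');

Uri buildB2cLogoutUri({
  required String tenant,
  required String policy,
  required Uri postLogoutRedirectUri,
  String? idTokenHint,
}) {
  if (!_safeName.hasMatch(tenant)) {
    throw ArgumentError.value(tenant, 'tenant', 'unexpected characters');
  }
  if (!_safeName.hasMatch(policy)) {
    throw ArgumentError.value(policy, 'policy', 'unexpected characters');
  }
  // A relative redirect target cannot match a redirect URI
  // registered for the application.
  if (!postLogoutRedirectUri.isAbsolute) {
    throw ArgumentError.value(
        postLogoutRedirectUri, 'postLogoutRedirectUri', 'must be absolute');
  }

  // Uri.https percent-encodes the query values, which produces the
  // https%3A%2F%2F... form shown in the documentation line.
  return Uri.https(
    '$tenant.b2clogin.com',
    '/$tenant.onmicrosoft.com/$policy/oauth2/v2.0/logout',
    {
      'post_logout_redirect_uri': postLogoutRedirectUri.toString(),
      if (idTokenHint != null) 'id_token_hint': idTokenHint,
    },
  );
}

void main() {
  final uri = buildB2cLogoutUri(
    tenant: 'contoso', // constructed
    policy: 'B2C_1_signin', // constructed
    postLogoutRedirectUri: Uri.parse('https://jwt.ms/'),
  );
  print(uri);
}
```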