Here's some background, I'm using implicit flow and my token is JWT. To logout, I'm using the method call signoutRedirectCallback.
I want to be able to properly logout. So that I can login as a different user. When doing so, I still have the token from the last user? Is there a way to completely log the user out so that it doesn't have the last user's token? The token still persists for some reason. It seems that the only way to truly logout is when the browser page is closed and the cookie on the identityserver3 gets removed/deleted?
This may also answer my other issue. If the user clicks on a hyperlink on the main grid page and it opens a new tab (ex. details page), if the user logs out on the new tab (details page), the main grid page (old tab) is still logged in? Again, it's the same issue where I'm not completely logged out.
Can anyone give me some guidance on how to properly logout to remove the cookie on the identityserver3? So that it's a clean slate. The token still persists. Thank you.
//Here is the code. In my main component I have a menuclick event and this works:
public MenuClick(event, item)
{
if (item === "signOut")
{
this.signOut();
}
}
public signOut()
{
this._LoginService.logOut();
}
//Here is the LoginService that calls the oidc-client method:
public logOutCall(): Observable<boolean>
{
return Observable.fromPromise(new Promise<boolean> (
resolve =>
{
this._oidcService.logOut();
resolve(true);
}
));
}
The this._oidcService.logOut() calls the actual oidc-client method signoutRedirectCallback(). This works and it redirects. But the token still persists unless I close the page.
UPDATE: My testing team has told me that this issue is specifically with Chrome.
To clear the state managed by the UserManager, call
removeUser
. This should be called for you when you trigger signout, so I'm curious why it's not. Check the logs?