BREAKING CHANGE: set signOut option clearTokensAfterRedirect default to true #1059
Changes from 4 commits
d44dc40
e8501b2
4702b2a
876b269
cf550bb
3bb06dc
|
@@ -109,7 +109,7 @@ | |
|
||
function logout(e) { | ||
e.preventDefault(); | ||
authClient.signOut() | ||
authClient.signOut({ clearTokensBeforeRedirect: true }) | ||
This is because we are not running
||
} | ||
|
||
main(); | ||
|
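Review bot: The new `authClient.signOut({ clearTokensBeforeRedirect: true })` call on the changed line is still neither awaited nor given a rejection handler, even though `signOut()` returns a promise (the spec file in this same PR consumes it with `.then`), so a failed revoke or redirect in the sample surfaces only as an unhandled rejection. Chaining a handler keeps the sample honest about that failure mode: `authClient.signOut({ clearTokensBeforeRedirect: true }).catch((err) => console.error('signOut failed', err));`. A one-line comment above the call explaining why the sample opts into clearing before the redirect would also help, since the PR title changes the library default to clearing after the redirect; something like `// Clear local tokens before redirecting; the library default now defers clearing until after the redirect.`, presumably the point the truncated reviewer comment on this line was making.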
|
@@ -216,10 +216,9 @@ describe('OktaAuth (browser)', function() { | |
it('Default options when no refreshToken: will revokeAccessToken and use window.location.origin for postLogoutRedirectUri', function() { | ||
return auth.signOut() | ||
.then(function() { | ||
expect(auth.tokenManager.getTokensSync).toHaveBeenCalledTimes(3); | ||
expect(auth.revokeRefreshToken).not.toHaveBeenCalled(); | ||
expect(auth.revokeAccessToken).toHaveBeenCalledWith(accessToken); | ||
expect(auth.tokenManager.clear).toHaveBeenCalled(); | ||
expect(auth.tokenManager.clear).not.toHaveBeenCalled(); | ||
since this assertion is being reversed, can we update the title to include this information?
add an assert that the pending token renew was saved. Alternatively, can remove the tokenManager asserts from this test since this logic is covered in another test
||
expect(auth.closeSession).not.toHaveBeenCalled(); | ||
expect(window.location.assign).toHaveBeenCalledWith(`${issuer}/oauth2/v1/logout?id_token_hint=${idToken.idToken}&post_logout_redirect_uri=${encodedOrigin}`); | ||
}); | ||
|
@@ -231,10 +230,9 @@ describe('OktaAuth (browser)', function() { | |
|
||
return auth.signOut() | ||
.then(function() { | ||
expect(auth.tokenManager.getTokensSync).toHaveBeenCalledTimes(3); | ||
expect(auth.revokeAccessToken).toHaveBeenCalledWith(accessToken); | ||
expect(auth.revokeRefreshToken).toHaveBeenCalledWith(refreshToken); | ||
expect(auth.tokenManager.clear).toHaveBeenCalled(); | ||
expect(auth.tokenManager.clear).not.toHaveBeenCalled(); | ||
same as comment above, please update title and add assertion for pending state
||
expect(auth.closeSession).not.toHaveBeenCalled(); | ||
expect(window.location.assign).toHaveBeenCalledWith(`${issuer}/oauth2/v1/logout?id_token_hint=${idToken.idToken}&post_logout_redirect_uri=${encodedOrigin}`); | ||
}); | ||
|
@@ -257,7 +255,6 @@ describe('OktaAuth (browser)', function() { | |
var customToken = { idToken: 'fake-custom' }; | ||
return auth.signOut({ idToken: customToken }) | ||
.then(function() { | ||
expect(auth.tokenManager.getTokensSync).toHaveBeenCalledTimes(2); | ||
expect(window.location.assign).toHaveBeenCalledWith(`${issuer}/oauth2/v1/logout?id_token_hint=${customToken.idToken}&post_logout_redirect_uri=${encodedOrigin}`); | ||
}); | ||
}); | ||
|
@@ -302,10 +299,9 @@ describe('OktaAuth (browser)', function() { | |
|
||
return auth.signOut({ revokeAccessToken: false }) | ||
.then(function() { | ||
expect(auth.tokenManager.getTokensSync).toHaveBeenCalledTimes(2); | ||
expect(auth.revokeAccessToken).not.toHaveBeenCalled(); | ||
expect(auth.revokeRefreshToken).toHaveBeenCalled(); | ||
expect(auth.tokenManager.clear).toHaveBeenCalled(); | ||
expect(auth.tokenManager.clear).not.toHaveBeenCalled(); | ||
expect(window.location.assign).toHaveBeenCalledWith(`${issuer}/oauth2/v1/logout?id_token_hint=${idToken.idToken}&post_logout_redirect_uri=${encodedOrigin}`); | ||
}); | ||
}); | ||
|
@@ -316,33 +312,41 @@ describe('OktaAuth (browser)', function() { | |
|
||
return auth.signOut({ revokeRefreshToken: false }) | ||
.then(function() { | ||
expect(auth.tokenManager.getTokensSync).toHaveBeenCalledTimes(2); | ||
expect(auth.revokeAccessToken).toHaveBeenCalled(); | ||
expect(auth.revokeRefreshToken).not.toHaveBeenCalled(); | ||
expect(auth.tokenManager.clear).toHaveBeenCalled(); | ||
expect(auth.tokenManager.clear).not.toHaveBeenCalled(); | ||
expect(window.location.assign).toHaveBeenCalledWith(`${issuer}/oauth2/v1/logout?id_token_hint=${idToken.idToken}&post_logout_redirect_uri=${encodedOrigin}`); | ||
}); | ||
}); | ||
|
||
it('Can pass a "accessToken=false" to skip accessToken logic', function() { | ||
return auth.signOut({ accessToken: false }) | ||
.then(function() { | ||
expect(auth.tokenManager.getTokensSync).toHaveBeenCalledTimes(2); | ||
expect(auth.revokeAccessToken).not.toHaveBeenCalled(); | ||
expect(auth.tokenManager.clear).toHaveBeenCalled(); | ||
expect(auth.tokenManager.clear).not.toHaveBeenCalled(); | ||
expect(window.location.assign).toHaveBeenCalledWith(`${issuer}/oauth2/v1/logout?id_token_hint=${idToken.idToken}&post_logout_redirect_uri=${encodedOrigin}`); | ||
}); | ||
}); | ||
|
||
it('Can pass a "clearTokensAfterRedirect=true" to skip clear tokens logic', function() { | ||
it('skips token clear logic by default', () => { | ||
it's not skipping the logic, it is adding a pending remove flag. Let's make sure the test title matches as closely as possible to the assertions that we are making
|
||
auth.tokenManager.addPendingRemoveFlags = jest.fn(); | ||
return auth.signOut({ clearTokensAfterRedirect: true }) | ||
return auth.signOut() | ||
.then(function() { | ||
expect(auth.tokenManager.clear).not.toHaveBeenCalled(); | ||
expect(auth.tokenManager.addPendingRemoveFlags).toHaveBeenCalled(); | ||
expect(window.location.assign).toHaveBeenCalledWith(`${issuer}/oauth2/v1/logout?id_token_hint=${idToken.idToken}&post_logout_redirect_uri=${encodedOrigin}`); | ||
}); | ||
}); | ||
|
||
it('Can pass a "clearTokensAfterRedirect=false" to force clear tokens logic', function() { | ||
|
||
auth.tokenManager.addPendingRemoveFlags = jest.fn(); | ||
return auth.signOut({ clearTokensBeforeRedirect: true }) | ||
.then(function() { | ||
expect(auth.tokenManager.clear).toHaveBeenCalled(); | ||
expect(auth.tokenManager.addPendingRemoveFlags).not.toHaveBeenCalled(); | ||
expect(window.location.assign).toHaveBeenCalledWith(`${issuer}/oauth2/v1/logout?id_token_hint=${idToken.idToken}&post_logout_redirect_uri=${encodedOrigin}`); | ||
}); | ||
}); | ||
}); | ||
|
||
describe('without idToken', () => { | ||
|
should say clearTokensBeforeRedirect here