I'm using the angular-oauth2-oidc library to manage authentication in an Angular app. I'm also using this sample as the base for my work: https://github.com/jeroenheijmans/sample-angular-oauth2-oidc-with-auth-guards
When I start the project and try to navigate to a protected page A (protected by a guard that checks if I'm authenticated; if I'm not, it calls the initLoginFlow() method), I get redirected to the authorization server's login page. After successfully logging in, I'm redirected to page A.
When I click on a button to log out, I get redirected to a page B that I specified in the logoutUrl property of the library, and all data and tokens are deleted from localStorage. Up to this stage it's working fine.
But when I try to navigate again to the protected page A, some redirections happen and I find myself logged in and already at page A, and tokens are available again in localStorage, without having to go to the server's login page to do what I did the first time. Why am I not redirected again to the server's login page?
    // the guard
    canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> {
      return this.authService.isDoneLoading$.pipe(
        filter(isDone => isDone),
        switchMap(_ => this.authService.isAuthenticated$),
        tap(isAuthenticated => {
          return isAuthenticated || this.authService.login(state.url);
        }),
      );
    }

    // auth service login
    public login(targetUrl?: string) {
      this.oauthService.initLoginFlow(targetUrl || this.router.url);
      // this.oauthService.initCodeFlow(targetUrl || this.router.url); // I tried this one and same result
    }

    // logout method
    public logout() {
      this.oauthService.logOut();
      // this.oauthService.revokeTokenAndLogout(); // I tried this one and same result
    }
Can anyone help me with this problem? Thanks.
I have found that explicitly adding the logoutUrl property fixed the issue. I don't understand why but it worked. I get redirected to the server's logout page, and the session is ended.
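Why the second visit skipped the login page, as an added example that is not part of the posts above and not code from angular-oauth2-oidc: clearing localStorage removes only the app's tokens, while the authorization server keeps its own session until the browser visits its end-session endpoint. The sketch follows OpenID Connect RP-Initiated Logout; `planLogout`, `LogoutConfig`, `LogoutPlan` and the `idp.example` / `app.example` URLs are hypothetical.

```typescript
// Added example: hypothetical names, modelled on OIDC RP-Initiated Logout.
interface LogoutConfig {
  logoutUrl?: string;              // the server's end_session_endpoint, if configured
  postLogoutRedirectUri?: string;  // where the server sends the browser afterwards
}

interface LogoutPlan {
  clearLocalTokens: true;          // the SPA always drops the tokens it holds
  endsIdpSession: boolean;         // false => the next login flow completes silently
  redirectTo: string | null;       // URL the browser must visit to end the server session
}

function planLogout(cfg: LogoutConfig, idToken: string | null): LogoutPlan {
  if (!cfg.logoutUrl) {
    // Local-only logout: the server's session cookie survives, so the next
    // authorization request is answered without showing the login page.
    return { clearLocalTokens: true, endsIdpSession: false, redirectTo: null };
  }
  const params: string[] = [];
  if (idToken) {
    // Lets the server identify which session to end.
    params.push("id_token_hint=" + encodeURIComponent(idToken));
  }
  if (cfg.postLogoutRedirectUri) {
    params.push("post_logout_redirect_uri=" + encodeURIComponent(cfg.postLogoutRedirectUri));
  }
  // Respect a query string that is already present on the endpoint.
  const sep = cfg.logoutUrl.indexOf("?") >= 0 ? "&" : "?";
  const redirectTo = params.length > 0 ? cfg.logoutUrl + sep + params.join("&") : cfg.logoutUrl;
  return { clearLocalTokens: true, endsIdpSession: true, redirectTo };
}

// Constructed sample values: the hosts and the token are placeholders.
const localOnly = planLogout({}, "eyJ.constructed.token");
const fullLogout = planLogout(
  {
    logoutUrl: "https://idp.example/connect/endsession",
    postLogoutRedirectUri: "https://app.example/logged-out",
  },
  "eyJ.constructed.token",
);
console.log(localOnly.endsIdpSession, fullLogout.redirectTo);
```

When checking a deployment, watch the browser's network log during logout: if no request reaches the authorization server, its session is still alive and the guard's next login flow will return tokens without prompting.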