Referring to the logout flow in the oauth2 project, once the user has authenticated using user/password for the first time, the credentials are not asked for the next time after logout.
How can I ensure that username/password are asked for every time after a logout?
This is what I am trying to implement:
OAuth2 server issuing JWT tokens, using the "authorization_code" grant type with auto approval. This has an html/angularjs form to collect username/password.
UI/Webfront - Uses @EnableSSO. ALL its endpoints are authenticated, i.e. it does not have any unauthenticated landing page/ui/link that the user clicks to go to the /uaa server. So hitting http://localhost:8080 instantly redirects you to http://localhost:9999/uaa and presents a custom form to collect username/password.
Resource server - Uses @EnableResourceServer. Plain & simple REST api.
With the above approach I am not able to work out the logout flow. HTTP POST /logout to the UI application clears the session/auth in the UI application, but the user gets logged in again automatically (as I have opted for auto approval for all scopes) without being asked for username/password again.
Looking at logs and network calls, it looks like the whole "oauth dance" happens all over again successfully without the user being asked for username/password again, and it seems like the auth server remembers the last auth token issued for a client (using org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices??).
How can I tell the auth server to ask for username/password on every request for a code/token? Or what is the best way to implement logout in my given scenario?
(To recreate something near to my requirements, remove the permitAll() part from the UiApplication and configure auto approval in the auth server.)
Thanks.
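What the post describes is a logout that ends only the client's session: the authorization server at localhost:9999 still holds its own HTTP session, so the next redirect to /uaa/oauth/authorize is answered from that session, and with auto-approval a fresh code is issued without any prompt. The following is an added example (not code from the original post, nor from the oauth2 tutorial project) of the logout wiring a practitioner would use: the UI's POST /logout ends the local session and then sends the browser to the auth server's logout endpoint, which ends the auth server's session and sends the browser back. The class names, the /uaa/logout path, the /login page path, Spring Boot's @EnableOAuth2Sso (the post writes @EnableSSO) and Spring Security 4.1+'s CookieCsrfTokenRepository are assumptions about the project.

```java
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

/**
 * UI / web front (localhost:8080). Every endpoint stays authenticated, as in the post.
 * POST /logout invalidates the UI session and then redirects the browser to the
 * authorization server so that its session is ended as well.
 * (Added example; class and path names are assumptions, not the project's own.)
 */
@Configuration
@EnableOAuth2Sso
class UiSecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumed location of the auth server's logout endpoint (see AuthServerSecurityConfig).
    private static final String AUTH_SERVER_LOGOUT = "http://localhost:9999/uaa/logout";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Fixed redirect target: this handler ignores request parameters, so the
        // UI's logout cannot be turned into an open redirect.
        SimpleUrlLogoutSuccessHandler toAuthServerLogout = new SimpleUrlLogoutSuccessHandler();
        toAuthServerLogout.setDefaultTargetUrl(AUTH_SERVER_LOGOUT);

        http
            .authorizeRequests().anyRequest().authenticated()
            .and()
            .logout()
                .logoutUrl("/logout")              // POST, protected by the CSRF token below
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                .logoutSuccessHandler(toAuthServerLogout)
            .and()
            // Cookie-based CSRF token so the AngularJS front end can send X-XSRF-TOKEN on POST /logout.
            .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
}

/**
 * Authorization server (localhost:9999, context path /uaa). Only the logout part is
 * shown; the @EnableAuthorizationServer setup, the custom login form and the chain
 * ordering stay as in the existing project. The /login page path is an assumption.
 */
@Configuration
class AuthServerSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .formLogin().loginPage("/login").permitAll()
            .and()
            .logout()
                // The UI arrives here via a 302, i.e. a GET with no CSRF token, so accept GET
                // on this path only. Trade-off: any third-party page can now force a logout
                // (a nuisance, not a credential compromise). To keep POST + CSRF instead,
                // route the POST through the UI's Zuul proxy and drop this matcher.
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"))
                .invalidateHttpSession(true)       // this session is what re-authorised silently
                .deleteCookies("JSESSIONID")
                // Fixed target; never take it from a request parameter (open redirect).
                .logoutSuccessUrl("http://localhost:8080/")
            .and()
            .authorizeRequests().anyRequest().authenticated();
    }
}
```

After both sessions are gone, the redirect back to http://localhost:8080 starts the authorization-code dance again, but this time the auth server has no session for the browser and shows the login form; auto-approval only skips the consent step, not authentication. Check it in the browser's network tab: the POST /logout to 8080 should be followed by a 302 to 9999/uaa/logout, a 302 back to 8080, and finally a 302 to 9999/uaa/login rather than straight to the application. If the auth server also sets a remember-me cookie, that cookie must be cleared on logout too, or the prompt will again be skipped.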
@dsyer - Yes, I think #121 is the same problem described here. Instead of enabling CORS, I am going to try routing the /uaa/logout POST request through Zuul mappings in my UI server. But I wish there was some configuration/switch to toggle this auto-login part.