As the ESA docs put it:
This method is invoked as a callback when the session is invalidated. While the session will invalidate itself and clear all authenticated session data, it might be necessary for some authenticators to perform additional tasks (e.g. invalidating an access token on the server side).
How is it possible to achieve that? I’m using implicit grant authentication and tried to put invalidate in the corresponding authenticator as follows:

Calling logout in the application.js route:

    // routes/application.js
    actions: {
      logout() {
        this.get('session').invalidate(this.get('currentUser.user'));
      }
    },

Trying to override invalidate in the used authenticator:

    // authenticators/oauth2-implicit-grant.js
    import OAuth2ImplicitGrant from 'ember-simple-auth/authenticators/oauth2-implicit-grant';

    export default OAuth2ImplicitGrant.extend({
      invalidate(data, args) {
        console.log(data);
      }
    });

The output of data to the console displays:

    Object { authenticator: "authenticator:oauth2-implicit-grant", access_token: XXXX, token_type: "Bearer", expires_in: "7199"}

How do I call my server URL to nullify the token, and what kind of response should it send? Thank you.
I pushed the app code, branch redirect_to_login_gateway, to the GitHub repo, the master branch being the original version containing the Login button. I override the invalidate function as follows:

In the application route:

    actions: {
      logout() {
        this.get('session').invalidate(this.get('currentUser'));
        this.transitionTo('index');
      }
    },

Then in the authenticator:

    // authenticators/oauth2-implicit-grant.js
    import OAuth2ImplicitGrant from 'ember-simple-auth/authenticators/oauth2-implicit-grant';
    import { inject as service } from '@ember/service';

    export default OAuth2ImplicitGrant.extend({
      currentUser: service(),

      invalidate(data, args) {
        let currentUser = args.get('user');
        return this.get('currentUser').logoutUser(currentUser);
      }
    });

And finally in the index route:

    beforeModel: function() {
      if (this.get('session.isAuthenticated')) {
        this.transitionTo('dashboard');
      } else {
        let oauthUrl = config.oauthUrl;
        let clientId = config.clientID;
        let redirectURI = `${window.location.origin}/callback`;
        let responseType = `token`;
        let scope = `profile%20openid`;
        window.location.replace(oauthUrl
          + `?client_id=${clientId}`
          + `&redirect_uri=${redirectURI}`
          + `&response_type=${responseType}`
          + `&scope=${scope}`
        );
      }
    }

But after clicking on the logout button, I’m automatically logged in again. What’s wrong with that? Thank you.
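
For the question above about calling the server to nullify the token and what it should answer, an added example (not code from the post or from ember-simple-auth): it assumes the OAuth server exposes an RFC 7009 token revocation endpoint, which answers HTTP 200 when the token has been revoked or was already invalid. The function names, the endpoint URL and the client id are hypothetical.

```javascript
// Added example. Builds the RFC 7009 revocation request from the session
// data that ESA passes to invalidate(data, args).
function buildRevocationRequest(data, { revocationUrl, clientId }) {
  if (!data || typeof data.access_token !== 'string' || data.access_token === '') {
    throw new TypeError('session data has no access_token to revoke');
  }
  // RFC 7009 section 2.1: form-encoded "token" plus optional "token_type_hint".
  // Sending client_id in the body for a public client is an assumption about
  // how the server identifies the client.
  const body = new URLSearchParams({
    token: data.access_token,
    token_type_hint: 'access_token',
    client_id: clientId,
  });
  return {
    url: revocationUrl,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    },
  };
}

// Resolves only on HTTP 200. Any other status rejects, and ESA keeps the
// session authenticated when the promise returned by invalidate() rejects,
// so the client never shows "logged out" while the token is still live.
async function revokeAccessToken(data, options, fetchImpl = globalThis.fetch) {
  const { url, init } = buildRevocationRequest(data, options);
  const response = await fetchImpl(url, init);
  if (response.status !== 200) {
    throw new Error(`token revocation failed with HTTP ${response.status}`);
  }
}

// Sketch of the call from the authenticator (placeholder values):
//   invalidate(data) {
//     return revokeAccessToken(data, {
//       revocationUrl: 'https://auth.example.test/oauth/revoke',
//       clientId: 'demo-client',
//     });
//   }
```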