How should I handle the user logout use case when multiple browser tabs are opened

Problem description

I am using angular-oauth2-oidc with Identity Server 4.

Users need to Login via OpenId Connect Implicit Flow. My Id and Access token are stored in the web browser localStorage.

When user opens multiple browser tabs and then user logs out from one of the tabs, how should I handle rest of the tabs?

I have tried to catch session_terminated events, and they try to log the user out. However, it does not redirect the user back to the login page.

this.oauthService.events.filter(e => e.type ==='session_terminated')
                  .subscribe(e => {this.oauthService.logout();})

Any suggestions? Thanks

Recommended answer

Interesting. It was on my to do list to see how this works with the library anyways.

I had already created a dedicated playground example repo that was perfect for testing this. What I found was that there are two distinct scenarios:

  1. The user goes to IdentityServer themselves and clicks log out
  2. The user does single sign-out via our own app

Only in the first scenario do you get a session_terminated event. In the second scenario (which you seem to have) you get a session_error event in the second tab because the first tab:

  1. Clears your stored tokens
  2. Redirects you to the logout page (where you still have to click log out)

You can see as much in these screencaptures:

Scenario 1: log out explicitly in a third tab

Scenario 2: log out from the app

So I think your solution is to also hook into session_error, or something similar.

Footnote: thinking some more about the above, I reckon that other workarounds might also be possible by listening to localStorage events, and notice when the access_token is being cleared by another tab.
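
The localStorage workaround from the footnote, as an added example (not code from the answer or from angular-oauth2-oidc). The storage key `access_token` is assumed from the footnote's wording, and the `/login` route is a hypothetical placeholder.

```javascript
// Added example: detect a logout performed in another tab via the "storage" event.
// TOKEN_KEY is an assumption taken from the "access_token" name in the footnote.
const TOKEN_KEY = 'access_token';

// Decide whether a storage event means the token was removed elsewhere.
// The browser fires "storage" only in the *other* same-origin tabs.
function isCrossTabLogout(event, tokenKey = TOKEN_KEY) {
  if (event.key === null) return true;        // localStorage.clear() reports key === null
  if (event.key !== tokenKey) return false;   // an unrelated key changed
  // removeItem() gives newValue === null; a silent refresh gives a new non-empty value.
  return event.oldValue !== null && !event.newValue;
}

// Subscribe on a window-like target; onLogout runs at most once.
// Returns a function that removes the listener.
function watchForCrossTabLogout(target, onLogout, tokenKey = TOKEN_KEY) {
  let fired = false;
  const handler = (event) => {
    if (fired || !isCrossTabLogout(event, tokenKey)) return;
    fired = true;
    onLogout(event);
  };
  target.addEventListener('storage', handler);
  return () => target.removeEventListener('storage', handler);
}

// Browser wiring (skipped outside a browser).
if (typeof window !== 'undefined') {
  watchForCrossTabLogout(window, () => {
    // Drop in-memory state by leaving the page; '/login' is a hypothetical route.
    window.location.assign('/login');
  });
}
```

Because a token refresh writes a new non-empty value, it is not treated as a logout; only removal of the key or a full `clear()` triggers the callback.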
