iOS: ADAL Auto sign-in after sign-out


Problem description

I am facing an issue with auto sign-in with ADAL v2.5.4 in my iOS App.

When a user wants to log in to an MSA account, we call acquireTokenWithResource with the required params and promptBehavior as AD_PROMPT_AUTO. In the first run of the app, the user is shown the webview, from which the login flow works as expected and the user is logged in successfully.

On clicking ‘Sign Out’ in my app, I am removing all tokens that have my app’s ClientID. At this point I see that there is still one token present in the cache with ClientID ‘foci-1’. Additionally I’m clearing the cookie storage of my app so that the webview doesn’t reuse any of the cookies.

The issue arises when the user wishes to log in again. When the same flow is triggered again for login, now the user is automatically signed in. In the logs I see ‘1 token found for query’. Ideally since the user signed out earlier, they should be prompted for their credentials again.

What is the right way to handle this scenario? Should sign-out be handled differently? Should there be any additional checks before login is retriggered? What is the impact of promptBehavior in this scenario?

Recommended answer

This is the code I use to perform a "logout" from an app that uses ADAL.

It calls the logout endpoint to invalidate the refresh token on the server side and deletes all of the relevant cookies and keychain entries.

import UIKit
import SafariServices
import ADAL

// State kept on the object that presents the logout page
fileprivate var safariModal = false
fileprivate var safariHostVC: UIViewController?

public func logout(presentOn viewController: UIViewController?, modal: Bool) {

    let clientId = "xyzzy" // Your app client id here
    let redirect = "youruri://somepath/" // Your redirect URI here

    // Remove every cached token stored under this app's client id
    ADKeychainTokenCache.defaultKeychain().removeAll(forClientId: clientId, error: nil)

    if let url = URL(string:"https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=\(redirect)") {
        let safari = SFSafariViewController(url: url)
        safari.toolbarItems = nil
        safari.delegate = self
        if #available(iOS 11.0, *) {
            safari.dismissButtonStyle = .close
        }

        guard let vc = viewController else {
            return
        }

        self.safariHostVC = vc
        self.safariModal = modal
        safari.modalPresentationStyle = .overFullScreen
        safari.modalTransitionStyle = .coverVertical

        if modal {
            vc.present(safari, animated: true, completion: nil)
        } else {
            vc.navigationController?.pushViewController(safari, animated: true)
        }

        let cookieJar = HTTPCookieStorage.shared
        guard let cookies = cookieJar.cookies else { return }
        let cookiesArr = Array(cookies)
        for cookie: HTTPCookie in cookiesArr {
            if (cookie.name == "SignInStateCookie" || cookie.name == "ESTSAUTHPERSISTENT" || cookie.name == "ESTSAUTHLIGHT" || cookie.name == "ESTSAUTH" || cookie.name == "ESTSSC") {
                cookieJar.deleteCookie(cookie)
            }
        }
    }
}

You also need to implement the SFSafariViewControllerDelegate function:

func safariViewControllerDidFinish(_ controller: SFSafariViewController) {
    guard let vc = self.safariHostVC else {
        return
    }
    if self.safariModal {
        vc.dismiss(animated: true, completion: nil)
    } else {
        vc.navigationController?.popViewController(animated: true)
    }

    self.safariHostVC = nil
}
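
As an added example (not part of the original answer and not ADAL code), a post-sign-out audit that flags the state the question describes: a cache entry left under `foci-1` and login cookies that survive a name-based delete. `CacheEntry`, `SignOutResidue`, `cookieApplies` and `auditSignOut` are hypothetical names, the sample data is constructed, and treating any client ID that starts with `foci-` as an entry to check is an assumption generalised from the `foci-1` entry in the question.

```swift
import Foundation

// Hypothetical model of one token-cache entry; map your ADAL cache items into it.
struct CacheEntry {
    let clientId: String
    let userId: String
}

// State left behind after sign-out that could let the next sign-in skip the prompt.
struct SignOutResidue {
    let cacheEntries: [CacheEntry]
    let cookies: [HTTPCookie]
    var isClean: Bool { cacheEntries.isEmpty && cookies.isEmpty }
}

// True when the cookie's domain is `host` itself or a parent domain (".example.com").
func cookieApplies(_ cookie: HTTPCookie, to host: String) -> Bool {
    let domain = cookie.domain.lowercased()
    let h = host.lowercased()
    if domain.hasPrefix(".") {
        return h == String(domain.dropFirst()) || h.hasSuffix(domain)
    }
    return h == domain
}

func auditSignOut(user: String, appClientId: String, cache: [CacheEntry],
                  cookies: [HTTPCookie], loginHosts: [String]) -> SignOutResidue {
    // Entries for this user under the app's client id or under a "foci-" client id.
    let leftoverEntries = cache.filter {
        $0.userId.caseInsensitiveCompare(user) == .orderedSame &&
        ($0.clientId == appClientId || $0.clientId.hasPrefix("foci-"))
    }
    // Any cookie scoped to a login host, whatever its name.
    let leftoverCookies = cookies.filter { c in
        loginHosts.contains { cookieApplies(c, to: $0) }
    }
    return SignOutResidue(cacheEntries: leftoverEntries, cookies: leftoverCookies)
}

// Constructed sample: tokens were removed by app client id only, one login cookie remains.
let cache = [CacheEntry(clientId: "foci-1", userId: "user@example.com")]
let estsauth = HTTPCookie(properties: [.name: "ESTSAUTH", .value: "constructed",
    .domain: ".login.microsoftonline.com", .path: "/"])!
let residue = auditSignOut(user: "user@example.com", appClientId: "xyzzy", cache: cache,
    cookies: [estsauth], loginHosts: ["login.microsoftonline.com"])
print(residue.isClean, residue.cacheEntries.map { $0.clientId }, residue.cookies.map { $0.name })
```

Pass in the cookies from whichever store the sign-in web view actually uses, and run the audit in a debug build or test after `logout` returns.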
