OAuth2: No login dialog after log out, direct log in of last user


Problem description

I am building a flutter app that needs the user to authenticate against an identity provider in order to use the app.

I am using the package simple_auth_flutter to do the authentication stuff. So far this works as expected: When clicking on the log in button, the user is queried for their credentials and after passing the correct credentials I get a valid token.

I only got an issue when the user logs out from the identity provider. When the user clicks on the log in button he gets automatically logged in without querying for the current user's credentials.

While logging out I delete the token from within the package and I revoke the token on the identity provider's side.

Any idea what could be the reason for this behaviour?

Recommended answer

OIDC-based Identity Providers issue a session cookie when you log in. This is what enables single sign on across multiple apps.

To force a new login prompt, logout typically needs to send an End Session Request so that this cookie gets removed.

My Android sample code does this, though I am using different libraries. Not sure if Flutter has end session support?

Also worth being aware that some identity providers require vendor specific messages.
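
The End Session Request mentioned in the answer, sketched in Dart as an added example (not code from the question, the answer, or simple_auth_flutter). It follows OpenID Connect RP-Initiated Logout; the function names, `idp.example`, the endpoint path and the redirect URI are assumptions.

```dart
import 'dart:convert';
import 'dart:math';

/// Builds an OIDC RP-Initiated Logout (End Session) request URL. Returns null
/// when discovery metadata lacks end_session_endpoint (vendor-specific logout).
Uri? buildEndSessionUri(Map<String, dynamic> metadata, String idToken,
    Uri postLogoutRedirectUri, String state) {
  final endpoint = metadata['end_session_endpoint'];
  if (endpoint is! String || endpoint.isEmpty) return null;
  final base = Uri.parse(endpoint);
  if (base.scheme != 'https') {
    throw ArgumentError('end_session_endpoint must use https');
  }
  return base.replace(queryParameters: {
    ...base.queryParameters,
    'id_token_hint': idToken,
    'post_logout_redirect_uri': postLogoutRedirectUri.toString(),
    'state': state,
  });
}

/// Random value tying the post-logout redirect back to this request.
String newState() {
  final rnd = Random.secure();
  final bytes = List<int>.generate(16, (_) => rnd.nextInt(256));
  return base64Url.encode(bytes).replaceAll('=', '');
}

/// True only if the redirect is the registered one and echoes our state.
bool isExpectedLogoutCallback(Uri callback, Uri registered, String state) =>
    callback.scheme == registered.scheme &&
    callback.host == registered.host &&
    callback.path == registered.path &&
    callback.queryParameters['state'] == state;

void main() {
  // Constructed discovery metadata; idp.example is a placeholder host.
  final metadata = {
    'issuer': 'https://idp.example',
    'end_session_endpoint': 'https://idp.example/connect/endsession',
  };
  final redirect = Uri.parse('com.example.app:/logout'); // assumed redirect URI
  final state = newState();
  final url = buildEndSessionUri(
      metadata, 'ID_TOKEN_PLACEHOLDER', redirect, state);
  print(url); // open in the same browser / web view that holds the IdP session
  final back = Uri.parse('com.example.app:/logout?state=$state');
  print(isExpectedLogoutCallback(back, redirect, state));
}
```

The URL has to be loaded in the same browser or web view that performed the login, since that is where the provider's session cookie lives; revoking tokens alone does not touch it.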
