MobileFirst OAuth Logout, cached OAuth identity


Problem description

This is a follow-on to a previous question about MobileFirst OAuth. The question being that a call to WL.Client.logout("SomeRealm") does not remove the OAuth token for that Realm/Scope and hence calls to resources protected by OAuth still succeed.

The answer to which quotes the InfoCentre as requiring a call to

 obtainAuthorizationHeaderForScope

With the implication that this will clear the token. My experiments seem to indicate that this does not work as expected. First I am working with the JavaScript API and find this

 WLAuthorizationManager.obtainAuthorizationHeader("SomeRealm")

as the corresponding function. However this function seems to result in a call to

 http://myHost:10080/MyProject/authorization/v1/authorization

that in turn triggers the challenge handler, that is, it attempts to re-enter the specified Realm. I don't see any WL API to destroy the OAuth token. All I can think of is to call a programmatic equivalent of

 localStorage.removeItem("com.worklight.oauth.idtoken")

Or put some kluges into my Challenge Handler. Have I missed something here?

Solution

The logout is completed by calling

 WLAuthorizationManager.obtainAuthorizationHeader(); // no parameters

My error was in thinking we could selectively be removed from a single Realm; instead, we in effect remove our entire OAuth token.
