Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow local signout to continue even if signout fails in hostedui webview #2842

Open
1 task done
tylerjroach opened this issue Jun 5, 2024 · 1 comment
Open
1 task done
Labels
feature-request Request a new feature

Comments

@tylerjroach
Copy link
Member

Before opening, please confirm:

Language and Async Model

Kotlin

Amplify Categories

Authentication

Gradle script dependencies

Not Relevant

Environment information

Not Relevant

Please include any relevant guides or documentation you're referencing

No response

Describe the feature request

There have been a few asks to allow the device credentials to be cleared even if hostedui signout from the browser fails. This case is primarily if the device does not have network.

The reason this has not been allowed is because it leaves the user signed in on the browser. Launching signInWithWebUi again would end up automatically signing in without presenting a login screen in the browser, since the previous credentials are still present in the browser. We should check if there is any possible way to force the login screen when relaunching the flow.

Initialization steps (if applicable)

No response

Code Snippet

// Put your code below this line.

amplifyconfiguration.json

No response

GraphQL Schema

// Put your schema below this line

Additional information and screenshots

No response

@tylerjroach tylerjroach added the feature-request Request a new feature label Jun 5, 2024
@github-actions github-actions bot added pending-triage Issue is pending triage and removed pending-triage Issue is pending triage labels Jun 5, 2024
@lokeshbhattarai
Copy link

Thank you for adding this ticket. Super appreciate this.

  1. I have this use case in my app because the app supports mix of offline and online data. User is still able to play around with a bunch of screens and see the cached data when they are offline.
    So it's necessary to support sign-out when the user is offline.

  2. If I may, I wanna suggest that it would be wonderful if Amplify-Auth could support sign out without even displaying the browser (even if login was done via signInWithWebUI).
    Please let me know if it's already possible. This is more towards enhancing UX by supporting sign out without having to see the browser pop-up. I've worked on a couple of projects where the backend decides (due to business logic) that user needs to re-authenticate on the app. We mostly intercept the HTTP response code behind the scene and redirect user to login page. So it feels weird when user is doing something but suddenly they see a pop up for a few seconds and then jump to another screen. We add proper messaging to inform the user but still the flow doesn't quite feel seamless. It also becomes difficult if the API call was happening in the background and app needs to silently sign out. There could be other scenarios that I'm missing.
    However, there may be a another way to do this. I've used other Identity Provider SDK that supports custom options like prompt in OpenID Connect to be able to force user to the login. This means app can silently clear the app session and force user to login with signInWithWebUI without having to call signOut. So it would be great if Amplify Auth could support this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature-request Request a new feature
Projects
None yet
Development

No branches or pull requests

2 participants