raunioroo
raunioroo10mo ago

How to actually sign out using deno_kv_auth

Not sure if bug or feature, but I have problems signing out from deno_kv_auth. I'm using Auth0 for testing, but actually the kv auth live demo at https://kv-oauth.deno.dev/ has the same issue, using GitHub provider. Basically, when first visiting the demo, and signing in, you get the GitHub login screen to authorize the sign in. All ok, sign in works. But then you sign out. Yes the session is cleared from the local server, but if you then click sign in again, you don't get the GitHub/Auth0 login screen, but instead get immediately authenticated with the previous credentials, and returned with a new successfully authenticated session. This is a problem of course, as there is no way to switch users, or sign out as you would do when using the site from a borrowed computer or whatever. Is there a way to completely sign out, so that I can again choose to accept or reject the authentication from the actual GitHub/Auth0/other provider oauth screen?
5 Replies
raunioroo
raunioroo10mo ago
The documentation here implies there would be a sign out process (perhaps sending a revoke call of sorts to the auth provider?), but it just deletes the cookie session locally on the server and nothing else. Is this something that is supposed to be manually handled? https://github.com/denoland/deno_kv_oauth/blob/main/lib/sign_out.ts
GitHub
deno_kv_oauth/lib/sign_out.ts at main · denoland/deno_kv_oauth
High-level OAuth 2.0 powered by Deno KV. Contribute to denoland/deno_kv_oauth development by creating an account on GitHub.
raunioroo
raunioroo10mo ago
Okay, it appears to work as desired at least with Auth0, if you manually pass the prompt url parameter like so: const response = signIn(request, oauthConfig, { urlParams: {prompt: "login"}}); This causes the login screen to appear when signing in after sign out. However, this seems like a potential security issue, as the session is not actually revoked upon signout. This workaround just forces a new login upon sign in even though there is an old leftover authentication left dangling
iuioiua
iuioiua10mo ago
Hi there! Yes, this is something I have not yet addressed in the module. I haven’t yet integrated session revocation into the sign-out process as I haven’t yet flushed out a single solution that works equally well for all providers. I have some time in the coming days and will look into this. Would you be able to create a GitHub issue for this?
raunioroo
raunioroo10mo ago
Okay, understood! Thank you so much. I can make an issue just a sec. Just learning oauth stuff so I wasn't sure if it was working as intended or not.
raunioroo
raunioroo10mo ago
Here you go https://github.com/denoland/deno_kv_oauth/issues/267
GitHub
Implement session revocation · Issue #267 · denoland/deno_kv_oauth
Signout function here only deletes the session locally on the server, but does not actually revoke the authentication with the provider: https://github.com/denoland/deno_kv_oauth/blob/main/lib/sign...
More Posts
Distroless Docker image fails with `libc.so: cannot open shared object file: No such file`I am building a 1:1 with a Node project using the same base for a docker image `distroless/cc`. BothBootstrapping a minimal node-compatible runtimeI'm trying to bootstrap a minimal node-compatible runtime, so I've basically been copying and pastinI want to adjust around tls using fetch APIWith nodejs, you could specify a cipher suite or version to be used with tls. Can't you do the same RUN deno task in DockerfileI have made a script to make DB migrations happen using "deno task migration", and I'd love for it tHelp Web.jsrq need help in web.js \ ```js window.paypal .Buttons({ style: { shape: "rect", laUnable to load env variables in localI'm starting again with deno since a long time with a small telegram bot using the `grammy` frameworWhy Bad resource ID occurs?I ran the following and got `error: BadResource: Bad resource ID` on seek. ```typescript import { toStorybook: some lightweight alternative for Deno?Do you know some lightweight alternative for [Storybook](https://storybook.js.org) to run on Deno?How can i change the location of Cache.open('somedb')We're deploying to docker containers which needs to write to an attached volume (specific path)How do I make Objects, Maps, etc. in rusty_v8 into easy-to-understand String?Hello. I wrote the following code in rusty_v8 ```rs let isolate = &mut v8::Isolate::new(Default: