How to actually sign out using deno_kv_auth

Not sure if bug or feature, but I have problems signing out from deno_kv_auth. I'm using Auth0 for testing, but actually the kv auth live demo at https://kv-oauth.deno.dev/ has the same issue, using GitHub provider. Basically, when first visiting the demo, and signing in, you get the GitHub login screen to authorize the sign in. All ok, sign in works. But then you sign out. Yes the session is cleared from the local server, but if you then click sign in again, you don't get the GitHub/Auth0 login screen, but instead get immediately authenticated with the previous credentials, and returned with a new successfully authenticated session. This is a problem of course, as there is no way to switch users, or sign out as you would do when using the site from a borrowed computer or whatever. Is there a way to completely sign out, so that I can again choose to accept or reject the authentication from the actual GitHub/Auth0/other provider oauth screen?
The documentation here implies there would be a sign out process (perhaps sending a revoke call of sorts to the auth provider?), but it just deletes the cookie session locally on the server and nothing else. Is this something that is supposed to be manually handled? https://github.com/denoland/deno_kv_oauth/blob/main/lib/sign_out.ts
deno_kv_oauth/lib/sign_out.ts at main · denoland/deno_kv_oauth
High-level OAuth 2.0 powered by Deno KV. Contribute to denoland/deno_kv_oauth development by creating an account on GitHub.
Okay, it appears to work as desired at least with Auth0, if you manually pass the prompt url parameter like so: const response = signIn(request, oauthConfig, { urlParams: {prompt: "login"}}); This causes the login screen to appear when signing in after sign out. However, this seems like a potential security issue, as the session is not actually revoked upon signout. This workaround just forces a new login upon sign in even though there is an old leftover authentication left dangling
Hi there! Yes, this is something I have not yet addressed in the module. I haven’t yet integrated session revocation into the sign-out process as I haven’t yet flushed out a single solution that works equally well for all providers. I have some time in the coming days and will look into this. Would you be able to create a GitHub issue for this?
Okay, understood! Thank you so much. I can make an issue just a sec. Just learning oauth stuff so I wasn't sure if it was working as intended or not.
Implement session revocation · Issue #267 · denoland/deno_kv_oauth
Signout function here only deletes the session locally on the server, but does not actually revoke the authentication with the provider: https://github.com/denoland/deno_kv_oauth/blob/main/lib/sign...

Looking for more? Join the community!

Recommended Posts
Distroless Docker image fails with `libc.so: cannot open shared object file: No such file`I am building a 1:1 with a Node project using the same base for a docker image `distroless/cc`. BothBootstrapping a minimal node-compatible runtimeI'm trying to bootstrap a minimal node-compatible runtime, so I've basically been copying and pastinI want to adjust around tls using fetch APIWith nodejs, you could specify a cipher suite or version to be used with tls. Can't you do the same RUN deno task in DockerfileI have made a script to make DB migrations happen using "deno task migration", and I'd love for it tHelp Web.jsrq need help in web.js \ ```js window.paypal .Buttons({ style: { shape: "rect", laUnable to load env variables in localI'm starting again with deno since a long time with a small telegram bot using the `grammy` frameworWhy Bad resource ID occurs?I ran the following and got `error: BadResource: Bad resource ID` on seek. ```typescript import { toStorybook: some lightweight alternative for Deno?Do you know some lightweight alternative for [Storybook](https://storybook.js.org) to run on Deno?How can i change the location of Cache.open('somedb')We're deploying to docker containers which needs to write to an attached volume (specific path)How do I make Objects, Maps, etc. in rusty_v8 into easy-to-understand String?Hello. I wrote the following code in rusty_v8 ```rs let isolate = &mut v8::Isolate::new(Default:Usage of Deno.Command?Hey guys we use Deno.run to launch shell cmd and pipe the result to log. But Deno.run will be deprecWhen the destination server is down, WebSocketStream stops and the program crashes.I'm running the following code: ```const ws = new WebSocketStream("wss://localhost"); setInterval((Struggling with interactive FreshChartsHi there I'm trying to display charts in my fresh js project. i want to have them as islands accordiTurso with local db fileI wanted to try out Turso's syncURL feature and for that it creates a local db file to read from andImporting local NodeJS module from DenoIs it possible to import a javascript file that has `node` imports for standart modules like `http` how I can install antd in my deno project?how I can install antd in my deno project?