Hi All,
In reactive app,I am redirective to external url and authentication ,after authentication coming back to application and logging in based on userid.
When I am logging out and logging in again with another user id in external url,It is still sending the same code in response which was for earlier userid and hence the application is logging again with the earlier userid,
How to have control for the code sent by the external url,Do I need to make any changes in app side or do I need to inform to the support team of external url for the same session,
Thank you
This is resolved,thank you skk,redirected to logout url and revoked the session
Hi Ujwala,
It's not quite clear to me what the exact steps are here. You have a reactive app, but you leave that app for some external app, and in that external app you log in with a different user? Is that external app also an OutSystems app? What "code" is sent by the "external URL"? (how can a URL send a code?)
Hi Kilian,
In external URL the authentication is happening and after login it will redirect to aaplication back and in response code
format
Location: https://client.example.org/cb? code=SplxlOBeZQQYbYS6WxSbIA &state=af0ifjsldk
This code we use to send to api /token to get the token and idtoken in response again.
But next time when I am trying to redirect to sso page it is fetching same code in response and not asking me to login again,The session and token is still valid at sso auth url.
I have cleared cache is it external url session handling expiration time?
As the response I am getting has 1800 sec time expiry for token.
But still it does not allow me to login to SSO site.It is taking earlier username which I have entered first time and coming back to my application with that user only.
after 4-5 hrs it is allowing me to login to external site.
Regards,
If the external app redirets back to your app, you need to perform a Login (from System) for the right user.
@ujwala I think you have to clear that client variable which contains LoggedInUserId while performing logout
Thanks
Shriyash
But do logout will clear the variables.
Also when I am logging in I am not sending any user specific info from application,The authentication is happening at external url only.