"Invalidate Session" is not working properly #75
Comments
|
Hi @podkovyrin, From the point of view of your app, calling The reason, as you may imagine, is that the user may have other apps installed that rely on Uphold's authentication. As an example, consider the following: when you logout from Instagram (inside their app), it doesn't log you out from Facebook (either on Safari or on the Facebook app).
The automatic redirect is a feature that is employed by many of our partners. The intent is to reduce friction for users that have already authorized the app and is in line with most implementations of OAuth (Google, Facebook, etc.). It may be possible to add a new query string parameter to the authorize url, such as: This would have the effect of displaying a page to the user to allow him to signout or confirm the authorization. Is this something you'd be interested in? |
After making a call to the
UpholdClient.invalidateSession()method a user stays logged in the Safari Controller and when he tries to log in again he will be automatically logged in without any interaction or confirmation, and there is no chance to authenticate a different account.To solve this issue I should be able to open a logout page in the Safari Controller (because there is no way to clean cookies programmatically in
SFSafariViewControlleras it runs in a separate process and shares cookies with Safari.app). But I can't find any endpoint or public API to force a user to log out (something likehttps://uphold.com/logout).In Uphold SDK for JavaScript, there is "POST oauth2/revoke" endpoint (https://github.com/uphold/uphold-sdk-javascript/blob/master/docs/oauthclient.md#buildrevoketokenrequest) but it's not possible to make a POST-requests via
SFSafariViewController.The text was updated successfully, but these errors were encountered: