[ocis] SSE-Event when logged out #9355
Comments
IIRC someone (@kobergj?) mentioned in the refinement that this AC could be complicated and should be a dedicated story. Could some more technical person elaborate please?
The webui sends the logout request directly to the idp. This is why ocis doesn't know that it has been logged out and cannot emit an event. We could implement that for the internal idp but replacing it with keycloak will lead to the same problem. Ocis only knows that it has been logged out when the backchannel logout endpoint is called.
Should we differentiate the log-out current session and log-out all user sessions?
We cannot. As I stated above we do not know when we get logged out, except through backchannel logout.
From my POV, the work within original scope of that ticket has been finished.
Description
At the moment the web-ui doesn't get notified when the user logs out via a different channel (backchannel logout from another non-ocis application / sessions being killed in the IdP / user logged out in the web-ui in a different tab or on a different device). This leaves the impression for the user that the web-ui can still be used, while they should be redirected to the logged out page instead.
Context: https://github.com/owncloud/enterprise/issues/6705#issuecomment-2160078679 - a user tried to upload files and got errors (401) which couldn't be explained. We assume that the user triggered a backchannel logout in a different application and wasn't aware that they would be logged out from oCIS as well.
More context: We tried to send the user to the logged out page in the web-ui when polling notifications resulted in a 401 (that was back then before we had SSE). However, this led to false positives in situations with bad timing of the notifications request (used old token in the second it expired). We had to remove that again.
User Stories
Value
Less support requests ;-)
Acceptance Criteria
trigger event in all situations where the user gets logged out (even if the logout came from the web-ui... the user might have multiple tabs open or might use multiple devices at the same time, we need to set all of them to logged out)
should be a dedicated story
Definition of ready
Definition of done
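The back-channel logout path discussed in this issue, sketched as an added example (not oCIS code and not written by anyone in the thread): once a logout token arrives, its claims are checked against the OpenID Connect Back-Channel Logout rules and an SSE frame is pushed to every matching open connection. `NotifyLogout`, `Subscriber`, `LogoutClaims` and the `logged-out` event name are hypothetical; signature, issuer and audience checks are assumed to have been done by a JWT library beforehand.

```go
package main

import "fmt"

// Event member a logout token must carry (OpenID Connect Back-Channel Logout 1.0).
const logoutEvent = "http://schemas.openid.net/event/backchannel-logout"

// LogoutClaims holds the claims of a logout token whose signature, iss and aud
// were already verified by a JWT library (assumption of this example).
type LogoutClaims struct {
	Sub, Sid string
	Events   map[string]interface{}
	Nonce    *string // must be absent in a logout token
}

// Subscriber is one open SSE connection, i.e. one tab or device (hypothetical type).
type Subscriber struct {
	User, Session string
	Out           chan string
}

// NotifyLogout validates the claims and notifies matching connections: with a
// sid only that session's connections, with only a sub all of the user's.
func NotifyLogout(subs []*Subscriber, c LogoutClaims) (int, error) {
	if _, ok := c.Events[logoutEvent]; !ok || c.Nonce != nil {
		return 0, fmt.Errorf("not a valid back-channel logout token")
	}
	if c.Sub == "" && c.Sid == "" {
		return 0, fmt.Errorf("logout token needs sub or sid")
	}
	n := 0
	for _, s := range subs {
		if (c.Sid != "" && s.Session != c.Sid) || (c.Sid == "" && s.User != c.Sub) {
			continue
		}
		select {
		case s.Out <- "event: logged-out\ndata: {}\n\n": // event name is an assumption
			n++
		default: // slow client: skip rather than block the logout endpoint
		}
	}
	return n, nil
}

func main() {
	a := &Subscriber{"alice", "s1", make(chan string, 1)} // constructed sample connection
	fmt.Println(NotifyLogout([]*Subscriber{a}, LogoutClaims{Sid: "s1", Events: map[string]interface{}{logoutEvent: struct{}{}}}))
}
```

The `data:` line is needed because browsers do not dispatch an SSE event whose data buffer is empty.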