Worklight logout does not clear active user

https://stackoverflow.com/questions/23676890

23-07-2023
|

Question

I am using Worklight 6.1 and am using a challange handler to determine if my user is logged or not.

Once logged in, I have the following code attached to my logout button in my app:

on(logoutBtn, "click", lang.hitch(this, function() {
    WL.Client.logout('AdapterAuthRealm', { onSuccess:lang.hitch(this, function() {
        this.gotoView("login");
    }), onFailure:lang.hitch(this, function() {
        WL.Logger.error("Unable to logout");
    })});
    return false;
}));

Clicking it opens the login view, but when the user tries to login again, the following error is shown:

"Cannot change identity of an already logged in user in realm 'AdapterAuthRealm'.
The application must logout first."`

According to the following SO question: Worklight: WL.Server.setActiveUser - Cann't modify - Illegal State: Cannot change identity

I will first have to clear the active user before setting a new one:

WL.Server.setActiveUser("AdapterAuthRealm", null);

I actually expected WL.Client.logout to do this automaticly, but doing so myself in my onLogout function in my adapter does not seem to have any effect:

<realm loginModule="NonValidatingLoginModule" name="AdapterAuthRealm">
  <className>com.worklight.integration.auth.AdapterAuthenticator</className>
  <parameter name="login-function" value="PortalAdapter.onAuthRequired"/>
  <parameter name="logout-function" value="PortalAdapter.onLogout"/>            
</realm>

And

function onLogout() {
    WL.Logger.info("invoke logout request");
    WL.Server.setActiveUser("AdapterAuthRealm", null);

    var input = {
        method : 'get',
        returnedContentType : 'text/plain',
        path : '/logoutUrl'
    };

    WL.Server.invokeHttp(input);
}

Adding it to my login function in my adapter as follows:

var userIdentity = { userId: username, displayName: username, attributes: {}};
WL.Server.setActiveUser("AdapterAuthRealm", null);
WL.Server.setActiveUser("AdapterAuthRealm", userIdentity);

Results in an infenite loop of login / logout requests of my app.

My questions:

When/where am I supposed to clear my active user?
When using a challange handler, is it allowed to use the WL.Client.logout method?

Solution

Your realm should have a logout function which should point to adapter procedure to logout. you can add this as a parameter for realm.

you can add the WL.Server.setActiveUser("AdapterAuthRealm",null); to the onLogout() procedure in adapter

<realm loginModule="loginModule" name="AdapterAuthRealm">
            <className>com.worklight.integration.auth.AdapterAuthenticator</className>
            <parameter name="login-function" value="LoginAdapter.onAuthRequired"/>
            <parameter name="logout-function" value="LoginAdapter.onLogout"/>
        </realm>

2 Yes. you can use WL.Client.Logout();` when using challenge handler

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow