How to get the userIdentity of the user being logged out when using Worklight adapter based authentication

Question

I am currently implementing an adapter based authentication for my Worklight application. For the record, I am using Worklight version 5.0.6.1.

What I would like to do is, as it seems to be advised in the documentation, to perform some cleanup in the "logout" function of my authentication adapter.

Thus, inside the logout function being called automatically by the Worklight framework, I'd like to retrieve the userIdentity object holding the info about the user being logged out. I tried to achieve this by calling "WL.Server.getActiveUser()", but it does not seem to be possible to do this in the logout function.

I can see the following exception in the logs (WebSphere App Server 7):

[9/3/13 17:13:11:683 IST] 00000039 DataAccessSer 1        com.worklight.integration.services.impl.DataAccessServiceImpl invokeProcedureInternal Procedure 'onLogout' invocation failed. Runtime: Adapter 'onLogout' security test has no user realm.java.lang.RuntimeException: Adapter 'onLogout' security test has no user realm.

The idea behind this is that I want to call an external REST service that will perform some cleanup in a DB, and I need the mobile application userId to be passed as a parameter of this service.

Could someone please give some best practices in order to retrieve the identity of the user being logged out from inside the authentication adapter logout function?

Thanks.

Answer 1

User identity is destroyed by an underlying auth framework before Adapter.onLogout() is invoked. As a result when Adapter.onLogout() is called the user identity doesn't exist any more. Therefore WL.Server.getActiveUser() will return null or throw exception (in your case because it doesn't have any user realm defined, which is perfectly fine).

In case you still require data from userIdentity even AFTER underlying auth framework discards it (and this IS your case) you can save userIdentity in session state. However you need to remember that since you're manually storing it there - it is also your responsibility to wipe it once it is not required anymore.

So the adapter code would be something like:

/* global var, not inside of any function*/
var userIdentity = null;

function submitCredentials(user, pass){
    if (/*validate credentials*/){

        /* using previously created global var, not declaring it again */
        userIdentity = {
             userId:user,
             displayName:user
        };
        WL.Server.setActiveUser("realm", userIdentity);
    }
}

function onLogout(){
    /* do your stuff with userIdentity object and then wipe it*/
    userIdentity = null;
}

The main difference with regular adapter flow is that userIdentity object is not created in the scope of a submitCredentials() function but as a global variable, therefore it is a session scoped var.