问题
This is a follow-on to a previous question about MobileFirst OAuth. The question being that a call to WL.Client.logout("SomeRealm") does not remove the OAuth token for that Realm/Scope and hence calls resources protected by OAuth still succeed.
The answer to which quotes the InfoCentre as requiring a call to
obtainAuthorizationHeaderForScope
With the implication that this will clear the token. My experiments seem to indicate that this does not work as expected. First I am working with the JavaScript API and find this
WLAuthorizationManager.obtainAuthorizationHeader("SomeRealm")
as the corresponding function. However this function seems to result in a call to
http://myHost:10080/MyProject/authorization/v1/authorization
that it turn triggers the challenge handler, that is, it attempts to re-enter the specified Realm. I don't see any WL API to destroy the OAuth token. All I can think of is to call a programatic equivalent of
localStorage.removeItem("com.worklight.oauth.idtoken")
Or put some kluges into my Challenge Handler. Have I missed something here?
回答1:
The logout is completed by calling
WLAuthorizationManager.obtainAuthorizationHeader(); // no parameters
My error was in thinking we could selectively be removed from a single Realm, instead we in effect remove our entire OAuth token.
来源:https://stackoverflow.com/questions/30276754/mobilefirst-oauth-logout-cached-oauth-indentity