Question
I am building a Flutter app that needs the user to authenticate against an identity provider in order to use the app.
I am using the package simple_auth_flutter to do the authentication stuff. So far this works as expected: When clicking on the log in button, the user is queried for their credentials and after passing the correct credentials I get a valid token.
I only have an issue when the user logs out from the identity provider. When the user clicks on the log in button he gets automatically logged in without being queried for the current user's credentials.
While logging out I delete the token from within the package and I revoke the token on the identity provider's side.
Any idea what could be the reason for this behaviour?
Answer 1:
OIDC-based Identity Providers issue a session cookie when you log in. This is what enables single sign on across multiple apps.
To force a new login prompt, logout typically needs to send an End Session Request so that this cookie gets removed.
My Android sample code does this, though I am using different libraries. Not sure if Flutter has end session support?
Also worth being aware that some identity providers require vendor-specific messages.
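What an End Session Request can look like from a Dart/Flutter client, following OpenID Connect RP-Initiated Logout. This is an added example, not code from the answer or from simple_auth_flutter; the helper names, the example.com endpoint, the redirect URI and the token value are constructed assumptions.

```dart
import 'dart:convert';
import 'dart:math';

/// Prepared OIDC RP-initiated logout (end session) request.
class EndSessionRequest {
  EndSessionRequest(this.url, this.state);
  final Uri url;
  final String state;
}

/// Builds the end session URL from the provider's discovery document.
/// Returns null when no end_session_endpoint is advertised (vendor-specific logout needed).
EndSessionRequest? buildEndSessionRequest(Map<String, dynamic> discovery,
    {required String idToken, required Uri postLogoutRedirectUri}) {
  final endpoint = discovery['end_session_endpoint'];
  if (endpoint is! String) return null;
  final uri = Uri.parse(endpoint);
  if (uri.scheme != 'https') {
    throw ArgumentError('end_session_endpoint must use https');
  }
  final rnd = Random.secure();
  final state = base64Url
      .encode(List<int>.generate(16, (_) => rnd.nextInt(256)))
      .replaceAll('=', '');
  final url = uri.replace(queryParameters: {
    ...uri.queryParameters, // keep any query the provider already set
    'id_token_hint': idToken, // identifies the session to terminate
    'post_logout_redirect_uri': postLogoutRedirectUri.toString(),
    'state': state, // echoed back on the post-logout redirect
  });
  return EndSessionRequest(url, state);
}

/// Accepts the post-logout callback only if it echoes the state we sent.
bool isValidLogoutCallback(Uri callback, String expectedState) =>
    callback.queryParameters['state'] == expectedState;

void main() {
  // Constructed sample values; the endpoint path and hosts are placeholders.
  final discovery = jsonDecode(
          '{"end_session_endpoint":"https://idp.example.com/connect/endsession"}')
      as Map<String, dynamic>;
  final req = buildEndSessionRequest(discovery,
      idToken: 'eyJ.constructed.token',
      postLogoutRedirectUri: Uri.parse('com.example.app:/logout'))!;
  print(req.url);
  print(isValidLogoutCallback(
      Uri.parse('com.example.app:/logout?state=${req.state}'), req.state));
}
```

The URL has to be opened in the same browser context that performed the login, since that is where the provider's session cookie lives; deleting or revoking tokens in the app does not touch that cookie.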
Source: https://stackoverflow.com/questions/60176108/oauth2-no-login-dialog-after-log-out-direct-log-in-of-last-user