Shep Sims

Reputation: 1560

How to sign out of an AWS Cognito federated identity session?

It is easy to sign into an AWS Cognito session either via username and password or federated identity using { Auth } from 'aws-amplify' by

Auth.signIn({ username: email, password: password})

or

Auth.federatedSignIn({ provider: 'Google' }); // or 'SignInWithApple' || 'Facebook'

and it is easy to sign out of a Cognito session via

Auth.signOut();

Possibly worth noting that we are using expo-web-browser to launch in-app browser sessions, and not directing out to an external Safari / Chrome window.

The problem is that the Auth.signOut() call does not revoke the token from the Google / Apple / Facebook session, so whenever Auth.federatedSignIn({ provider: 'Google' }); is called again, the user is already signed in.

This is suboptimal, because it means that if a user logs in via Google / Facebook / Apple, they lose the ability to sign in using a different Google / Facebook / Apple account. It also makes it very difficult to debug issues happening on the first login from federated providers, since it will not let the tester change accounts.

Has anyone found a valid solution in the most recent version of Expo? (35 as of time of writing this)

This is a similar question, unanswered and not providing a lot of context

This documentation suggests to call

GET https://mydomain.auth.{region}.amazoncognito.com/logout?
client_id={CLIENT_ID}&
logout_uri=https://myclient/logout

but I have not had luck with this method in my app when calling

fetch('https://{MY_DOMAIN}.auth.us-west-2.amazoncognito.com/logout?client_id={CLIENT_ID}&redirect_uri=exp://127.0.0.1:19000&response_type=code', {
  method: 'GET', // Request type
})

from my logout button

This thread mentions that they were thinking about adding a clear cookies for the expo-web-browser package, but it doesn't look like that ever made it through code review.

Notably, even while on a development server and running expo r -c, the Federated Auth identity cookies will still push you through without a sign in.

Any suggestions on how to clear out the Google / Facebook / Apple federated login session that Cognito looks at?

Upvotes: 10

Views: 2274
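
An added example, not part of the original question and not Amplify or Expo code: one way to build the `/logout` URL in the form the question quotes from the documentation, and to compare another URL's query parameters against that form. The function names, domain prefix, client id and list of registered sign-out URLs are constructed placeholders; the registration check assumes the app client only accepts sign-out URLs configured for it.

```javascript
// Added example. All names and sample values are constructed placeholders.

// Build https://<prefix>.auth.<region>.amazoncognito.com/logout?client_id=...&logout_uri=...
function buildLogoutUrl({ domainPrefix, region, clientId, logoutUri, registeredSignOutUrls }) {
  const required = { domainPrefix, region, clientId, logoutUri };
  for (const [name, value] of Object.entries(required)) {
    if (typeof value !== 'string' || value.length === 0) {
      throw new Error(`missing ${name}`);
    }
  }
  // Assumption: logout_uri must exactly match a sign-out URL registered
  // for the app client, so refuse anything else before a request is made.
  if (!registeredSignOutUrls.includes(logoutUri)) {
    throw new Error(`logout_uri is not a registered sign-out URL: ${logoutUri}`);
  }
  const url = new URL(`https://${domainPrefix}.auth.${region}.amazoncognito.com/logout`);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('logout_uri', logoutUri); // percent-encoded on serialization
  return url.toString();
}

// Report how a URL's query string compares with the client_id + logout_uri form.
function describeLogoutRequest(rawUrl) {
  const url = new URL(rawUrl);
  const keys = [...url.searchParams.keys()];
  return {
    isLogoutPath: url.pathname === '/logout',
    hasClientId: keys.includes('client_id'),
    hasLogoutUri: keys.includes('logout_uri'),
    otherParams: keys.filter((k) => k !== 'client_id' && k !== 'logout_uri'),
  };
}

// Constructed sample input.
const sample = {
  domainPrefix: 'example-domain',
  region: 'us-west-2',
  clientId: 'EXAMPLECLIENTID',
  logoutUri: 'exp://127.0.0.1:19000',
  registeredSignOutUrls: ['exp://127.0.0.1:19000'],
};
console.log(buildLogoutUrl(sample));
console.log(describeLogoutRequest(
  'https://example-domain.auth.us-west-2.amazoncognito.com/logout' +
  '?client_id=EXAMPLECLIENTID&redirect_uri=exp://127.0.0.1:19000&response_type=code'
));
```

The hosted UI session is held in browser cookies, so the URL has an effect only when it is loaded in the browser context that holds those cookies.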

Answers (0)
