W
Wasp-lang2mo ago
dbalbo

Issue with Keycloak Logout Not Terminating Session in Wasp 0.14 on WSL

Hi everyone, I’m using Wasp version 0.14 on a WSL platform and have integrated social authentication with Keycloak. The login works fine, but I’m having trouble with the logout. When I click "logout" (from the OpenSaaS menu), the session on OpenSaaS is terminated (the local storage key is removed), but the session remains active on Keycloak. It seems that the logout action is not calling Keycloak's logout endpoint. Is there any configuration I might be missing? How do I ensure that Keycloak’s session is properly terminated upon logging out of OpenSaaS? Thanks!
7 Replies
kapa.ai
kapa.ai2mo ago
Hi @dbalbo. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- In Wasp, the logout action is implemented as follows: 
import { logout } from 'wasp/client/auth'  
  
const LogoutButton = () => {  
 return <button onClick={logout}>Logout</button>  
}  
import { logout } from 'wasp/client/auth'  
  
const LogoutButton = () => {  
 return <button onClick={logout}>Logout</button>  
}
This action logs out the user by deleting the session from the database and from localStorage on the client side (source (https://wasp-lang.dev/docs/auth/overview#logout-action)). However, it seems like this action might not be calling Keycloak's logout endpoint, which is why the session remains active on Keycloak. Unfortunately, the provided knowledge sources do not contain information on how to ensure that Keycloak's session is properly terminated upon logging out. I would recommend checking the Wasp documentation or reaching out to the Wasp community for further assistance. They might be able to provide more insights or workarounds for this issue. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ---------------------- Sorry @dbalbo, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
miho
miho2mo ago
This looks like a bug on our part! We haven't really implemented the log out flow as more than removing the token from localStorage because it was enough so far 🙂 We should rethink our log out to support log out clean up e.g. sending an extra request to Keycloak to terminate the session. Is this a blocker for you? Is it preventing you from doing something and in what way? I'm curious to learn 🙂
miho
miho2mo ago
I've created this issue: https://github.com/wasp-lang/wasp/issues/2275
GitHub
Terminate 3rd party session after log out · Issue #2275 · wasp-lang...
After a user logs out in Wasp, for some OAuth providers, it's necessary to terminate the 3rd party session as well. We could do this as a generic "log out clean up" hook that we perfo...
dbalbo
dbalbo2mo ago
Thanks @miho. I’ve encountered an issue when trying to switch between two users on the same device/browser. Here’s the scenario: We have two users: user_1 and user_2. I open the "/login" page on my OpenSaaS site, click the "Keycloak" button, and log in with user_1. The login is successful, the session on Keycloak is created, and I'm logged into the OpenSaaS site. Next, user_1 logs out from OpenSaaS, and the login page is displayed. Now, I want to log in as user_2. When I click the "Keycloak" button again, instead of being prompted to log in as user_2, I’m immediately logged in as user_1 because the Keycloak session still exists. As a result, I’m unable to log in as user_2 without manually terminating the Keycloak session.
MEE6
MEE62mo ago
Wohooo @dbalbo, you just became a Waspeteer level 1!
miho
miho2mo ago
I did not know about this behaviour! This is a big deal IMHO and we should upgrade our Keycloak setup to terminate its session
dbalbo
dbalbo2mo ago
thanks
Want results from more Discord servers?
Add your server