Unexpected login/logout Behaviour #3

Open
tobyf93 opened this issue Nov 2, 2017 · 2 comments
tobyf93 commented Nov 2, 2017

I've currently set up the following methods to test out the library:

```javascript
...
const extraQueryParameters = 'domain_hint=mydomain.com.au';
const validateAuthority = false;
const useBroker = false;
const authority = 'https://login.windows.net/common';
const resourceUri = 'https://graph.windows.net';

login = async () => {
  try {
    await AzureAdal.configure(
      authority,
      validateAuthority,
      clientId,
      redirectUri,
      useBroker,
    );

    const userDetails = await AzureAdal.login(resourceUri, '', extraQueryParameters);
    console.log('userDetails', userDetails);
  } catch (error) {
    console.log('login error', error);
  }
}

getToken = async () => {
  try {
    await AzureAdal.configure(
      authority,
      validateAuthority,
      clientId,
      redirectUri,
      useBroker,
    );

    const userDetails = await AzureAdal.getTokenAsync(resourceUri);
    console.log('userDetails', userDetails);
  } catch (error) {
    console.log('getToken error', error);
  }
}

logout = async () => {
  try {
    await AzureAdal.configure(
      authority,
      validateAuthority,
      clientId,
      redirectUri,
      useBroker,
    );

    const loggedOut = await AzureAdal.logout();
    console.log('loggedOut', loggedOut);
  } catch (error) {
    console.log('logout error', error);
  }
}
```

Expected Behaviour

  1. login() prompts the user for credentials and returns user details.
  2. getToken() returns user details by accessing the iOS keychain.
  3. logout() returns true.
  4. getToken() is unable to retrieve user details from the keychain.
  5. login() prompts user for credentials again.

Actual behaviour

  1. "
  2. "
  3. "
  4. "
  5. login() does not prompt user again for credentials and returns user details.

I'm very confused as to how this is happening. Is there a chance that the token is being cached in the webview's cookies and not being cleared by logout()?


tobyf93 commented Nov 2, 2017

@DariusAf I noticed that you also had a couple of issues setting up keychain caching (#2). Did you happen to come across any behaviour similar to this?


tobyf93 commented Nov 6, 2017

Looks like it is an issue with cookies - when you log in, the access tokens are stored in the keychain and cookies as per Microsoft's design. These cookies are never cleared when the user logs out.

From the name of this bridging function it looks like you may have wanted to clear the cookies at some stage?

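```objc
RCT_REMAP_METHOD(clearCoockieAndCache,
                 resolver:(RCTPromiseResolveBlock)resolve
                 rejecter:(RCTPromiseRejectBlock)reject){
    ADKeychainTokenCache* cacheStore = [ADKeychainTokenCache new];

    dispatch_async(dispatch_get_main_queue(), ^{
        ADAuthenticationError *error = nil;
        // Get all items from the keychain token cache
        NSArray *cacheItems = [cacheStore allItems:&error];

        // Reject the promise here instead of using @throw: an exception raised
        // inside this asynchronous block would not reach a @catch in the
        // enclosing method, which has already returned by the time it runs.
        if (error != nil)
        {
            reject([NSString stringWithFormat:@"%ld", (long)error.code], error.errorDetails, error);
            return;
        }
        for (ADTokenCacheItem *item in cacheItems)
        {
            // Remove each cached token item from the keychain
            [cacheStore removeItem:item error:&error];

            if (error != nil)
            {
                reject([NSString stringWithFormat:@"%ld", (long)error.code], error.errorDetails, error);
                return;
            }
        }
        // Only keychain items are removed; no cookies are cleared here
        resolve(@"success");
    });
}
```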

Currently that function only deals with the keychain cache...
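
An added example, not part of the original thread or the library's code: one way to remove the sign-in cookies that the last comment says survive logout. It assumes the sign-in web view uses the shared `NSHTTPCookieStorage` (as `UIWebView` does; `WKWebView` keeps cookies in its own data store), and the names `ClearSignInCookies` and `CookieDomainMatches` are hypothetical.

```objc
#import <Foundation/Foundation.h>

// Added example: hypothetical helpers, not the library's API.
// Returns YES when a cookie's domain is the given host or a subdomain of it.
static BOOL CookieDomainMatches(NSString *cookieDomain, NSString *hostSuffix)
{
    NSString *domain = [cookieDomain lowercaseString];
    // Cookie domains may carry a leading dot, e.g. ".login.windows.net"
    if ([domain hasPrefix:@"."]) {
        domain = [domain substringFromIndex:1];
    }
    NSString *suffix = [hostSuffix lowercaseString];
    // Require a label boundary so "evil-login.windows.net" does not match
    return [domain isEqualToString:suffix] ||
           [domain hasSuffix:[@"." stringByAppendingString:suffix]];
}

// Deletes every cookie in the shared storage that belongs to one of the
// given hosts and returns how many were removed. Cookies for unrelated
// sites are left alone, so other web content in the app stays signed in.
NSUInteger ClearSignInCookies(NSArray<NSString *> *hostSuffixes)
{
    NSHTTPCookieStorage *storage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
    NSUInteger removed = 0;

    // Iterate over a copy because the storage is modified inside the loop
    for (NSHTTPCookie *cookie in [storage.cookies copy]) {
        for (NSString *suffix in hostSuffixes) {
            if (CookieDomainMatches(cookie.domain, suffix)) {
                [storage deleteCookie:cookie];
                removed++;
                break;
            }
        }
    }
    return removed;
}

// Usage from a logout path, after the keychain items have been removed.
// The host is taken from the authority in the first comment; any further
// sign-in hosts the tenant redirects through would need to be listed too.
//   NSUInteger n = ClearSignInCookies(@[@"login.windows.net"]);
```

A return value of 0 after a successful login is a sign that the cookies live somewhere other than the shared storage, in which case this approach does not apply.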
