OAuth2: No login dialog after log out, direct log in of last user

I am building a Flutter app that needs the user to authenticate against an identity provider in order to use the app.

I am using the package simple_auth_flutter to do the authentication stuff. So far this works as expected: when clicking on the log in button, the user is queried for their credentials, and after passing the correct credentials I get a valid token.

I only have an issue when the user logs out from the identity provider. When the user clicks on the log in button, he gets automatically logged in without querying for the current user's credentials.

While logging out I delete the token from within the package and I revoke the token on the identity provider's side.

Any idea what could be the reason for this behaviour?



Solution 1:[1]

OIDC-based identity providers issue a session cookie when you log in. This is what enables single sign-on across multiple apps.

To force a new login prompt, logout typically needs to send an End Session Request so that this cookie gets removed.

My Android sample code does this, though I am using different libraries. Not sure if Flutter has end session support?

Also worth being aware that some identity providers require vendor-specific messages.

Solution 2:[2]

I had the same issue with my Flutter app using Firebase and Microsoft as identity provider. I solved the issue by using the "prompt" parameter within the authentication request. Below you can see my code for OAuth authentication with Microsoft.

await FirebaseAuthOAuth().openSignInFlow(
  "microsoft.com",
  ["email openid profile offline_access"],
  {
    'tenant': 'your tenant id',
    'clientId': 'your client id',
    'prompt': 'login'
  },
);

Also see the Microsoft documentation where the "prompt" parameter is described in detail with all the supported values (https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc).
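
What the End Session Request from Solution 1 and the "prompt" parameter from Solution 2 look like as request URLs, as an added Dart example that is not code from either answer or from simple_auth_flutter. It also checks the ID token's auth_time claim (OIDC Core), which lets the app confirm that the user really was prompted again. The idp.example endpoints, client id, redirect URIs and function names are assumptions; real endpoints come from the provider's discovery document.

```dart
import 'dart:convert';

// Added example: endpoints, client id and redirect URIs are placeholders.

/// End Session Request (OIDC RP-Initiated Logout): removes the session cookie.
Uri endSessionUri(Uri endpoint, String idToken, Uri postLogoutRedirect, String state) =>
    endpoint.replace(queryParameters: {
      'id_token_hint': idToken,
      'post_logout_redirect_uri': '$postLogoutRedirect',
      'state': state,
    });

/// Authorization request asking the provider to show the login dialog again.
Uri loginUri(Uri endpoint, String clientId, Uri redirect, String state, String nonce) =>
    endpoint.replace(queryParameters: {
      'response_type': 'code',
      'client_id': clientId,
      'redirect_uri': '$redirect',
      'scope': 'openid profile',
      'state': state,
      'nonce': nonce,
      'prompt': 'login',
      'max_age': '0', // OIDC Core: ID token must then carry auth_time; support varies
    });

/// True if auth_time in an already signature-verified ID token is recent enough.
bool isFreshLogin(String idToken, Duration maxAge, DateTime now) {
  final parts = idToken.split('.');
  if (parts.length != 3) return false;
  try {
    final claims = jsonDecode(utf8.decode(base64Url.decode(base64Url.normalize(parts[1]))));
    final authTime = claims is Map ? claims['auth_time'] : null;
    if (authTime is! int) return false; // no claim: a fresh login cannot be shown
    final age = now.difference(DateTime.fromMillisecondsSinceEpoch(authTime * 1000, isUtc: true));
    return age.inSeconds >= -60 && age <= maxAge; // 60 s clock-skew allowance
  } on FormatException {
    return false;
  }
}

void main() {
  final now = DateTime.utc(2024, 1, 1, 12); // constructed clock; tokens below are constructed
  String token(DateTime t) => ['e30', base64Url.encode(utf8.encode(
      jsonEncode({'auth_time': t.millisecondsSinceEpoch ~/ 1000}))), 'sig'].join('.');
  print(endSessionUri(Uri.parse('https://idp.example/endsession'), token(now), Uri.parse('com.example.app:/signout'), 's1'));
  print(loginUri(Uri.parse('https://idp.example/authorize'), 'client-placeholder', Uri.parse('com.example.app:/cb'), 's2', 'n2'));
  print(isFreshLogin(token(now.subtract(const Duration(hours: 3))), const Duration(minutes: 5), now));
  print(isFreshLogin(token(now.subtract(const Duration(seconds: 20))), const Duration(minutes: 5), now));
}
```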

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1
Solution 2