Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aio logout does not log the user out (access token still stored in local) #32

Closed
sarahxxu opened this issue May 15, 2020 · 2 comments · Fixed by #33
Closed

aio logout does not log the user out (access token still stored in local) #32

sarahxxu opened this issue May 15, 2020 · 2 comments · Fixed by #33
Assignees
@rajarju
Labels
bug Something isn't working

Comments

@sarahxxu
Copy link

sarahxxu commented May 15, 2020
edited
Loading

Describe the bug

$ aio login
<access-token>
$ aio logout

but after you've supposedly "logged out", the access token is not removed from config (global), so you can still see the user token and refresh token shown in aio config

To Reproduce

If you are inside a project with a local .aio, you can see the access token remove from config after you've logged out, but if you change directory to another folder without a local .aio, you can see that the access token is still there in global .aio.

$cd project-a
$aio login

$aio config

$aio logout
$aio config

$cd different-directory

$aio config

In addition, if you are inside a project with local .aio, after you have logged out if you try to type in aio logout again, it throws this error. it should really say "You are currently logged out".

$cd project-a
$aio login

$aio config
$aio logout

$aio logout
 ›   Error: Cannot logout context '$cli': Token missing or expired

Expected behavior
Config should be cleared for both global AND local, and ideally aio logout should print a message saying "you are logged out"
@meryllblanchet meryllblanchet added the bug Something isn't working label May 16, 2020
@rajarju
Copy link
Contributor

rajarju commented May 18, 2020
edited
Loading

This seems to be related to adobe/aio-lib-ims#21
After gathering more info about the config and tokens on cli, I found that, When you follow the steps that have been listed above

  1. Only the refresh_token seems to be retained even after logout (from global config)
  2. The error is thrown as given above on trying to logout again

@rajarju rajarju mentioned this issue May 19, 2020
Merged
10 tasks
@moritzraho
Copy link
Member

moritzraho commented May 19, 2020
edited
Loading

@rajarju here is some more information using aio config --verbose while I tried to reproduce the error:

  • start in a folder with a local .aio: empty global and empty local config
  • aio login -> refresh token and access token stored in global .aio but local .aio has now
{
  $ims: {
    $cli: {
      $cli.bare-output: false
    },
    $current: "$cli"
  }
}
  • aio logout -> all good removes access token from global config (refresh token is still here as non force option)
  • now if I login again here is catch: somehow the refresh token of the global config is now in my local config and in my global config I have a new refresh token and access token
  • aio logout: now both config have the same refresh token from the previous local config. No access token in global config anymore
  • aio logout --force: the refresh token is removed from the global config but not the local one
  • aio logout --force (again): doesn’t remove the local refresh token

@shazron shazron mentioned this issue May 26, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rajarju rajarju

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: clear tokens on logout adobe/aio-cli-plugin-auth
4 participants
@rajarju @meryllblanchet @sarahxxu @moritzraho