Android turn off automatic login


#1

I am using okta-sdk-appauth-android library to authenticate in mobile native android app.

Login works but I have a problems with logout and next login cycle. When I am using logout method from library, in next login cycle webview with login screen is showing but it immediately login user without option to provide login and password manually.
Is this normal behaviour? With this kind of login I can’t instantly login another user after logout. Only sometimes there is option to provide login & password… What it depends on? Can I force providing login & password after every logout?
Even after my access and refresh tokens expires it automatically login user. I am using native app configuration + PKCE.


#2

Hey @adziadek,

This is the expected behavior for SSO. Native apps leverage a shared browser session to avoid prompting the user for credentials across multiple applications.

To force the logout behavior you’re referring to, you can use the /logout endpoint of your Okta organization. This will terminate the Okta session in the browser - forcing all users to login again when their tokens expire (or when there is a new request to the /authorize endpoint).

Hope this helps!


#3

Hi @jmelberg , I have similar problem to @adziadek and I tried to make it your way.
When I use /logout endpoint, i get 403 Forbidden Error. My error code is E0000005 and errorSummary: “Invalid session”. I use recommended id_token_hint as a parameter and pass id_token I obtained during authorization. Should I use some other token? Something connected with session?


#4

Hey @mgwizdal,

Using the idToken is correct as it is bound to the user’s Okta session.

Just to double check - when you’re building the /logout request, are you injecting that URL into a browser?


#5

Hi, jmeIberg, I have a question, as the friend, why I cannot use https://dev-xxxxx.oktapreview.com/oauth2/default/v1/logout?appId_token_hint ="+idToken to logout the user in android, Click login and you can login without entering your username and password. Logcat will return 403. Can you help me