Comments
|
That’s a great idea! Contributions as always welcomed :) |
|
This would be very useful for example for disabling push notifications for users that have logged out. Any traction for the implementation? |
|
@trautonen Yes, there is. I am pretty interested in contributing to this one. |
|
Hello contributors! I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue
Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic. Unfortunately, burnout has become a topic of concern amongst open-source projects. It can lead to severe personal and health issues as well as opening catastrophic attack vectors. The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone. If this issue was marked as stale erroneously you can exempt it by adding the Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you! Thank you 🙏✌️ |
Preflight checklist
Describe your problem
I use browser flows for the front end (SPA).
I am caching the Ory Session Cookies on my backend because hitting ory cloud each time is too expensive.
To revoke this cache, I need to know when a user logs out.
Describe your ideal solution
An after logout webhook (exactly like login except it's a logout), containing enough data to identify the logged-out session (containing the now-revoked token for example).
Workarounds or alternatives
Hitting my backend to revoke the cache, as well as make a request to ory to delete the session.
Unfortunately, it seems the cookie session tokens are not session tokens as described by the API, thus we cannot revoke them by using API flows.
Another alternative would be to emulate a browser flow, but that becomes ridiculous really fast.
Version
Cloud
Additional Context
Other session providers such as Auth0 explicitly use this method to make their clouds offering usable.
Without proper callbacks, using browser flows is essentially impossible, and using API flows is just more complex.
The text was updated successfully, but these errors were encountered: