nemiro-net / nemiro.oauth

Nemiro.OAuth is a class library for authorization via OAuth protocol in .NET Framework

Home Page: http://oauth.nemiro.net/


Close the session and disposing the resources

VladimirDeveloper opened this issue · comments

Hello! Say I want to log in to my site using an external service, for example Mail.Ru.
The simplest case involves the following steps:

  • Register Mail.Ru client by using OAuthManager.RegisterClient(new MailRuClient(...))
  • Receive authorization url by using OAuthWeb.GetAuthorizationUrl("Mail.Ru", ...)
  • Verifying the authorization by using OAuthWeb.VerifyAuthorization();

If all is OK, the user will be logged on to the system. If not, the login page of the external service Mail.ru will reject the user.

Questions:

  1. The user wants to log out and then log in to the site under new credentials using the same external service, Mail.ru.
    How do I correctly sign the user out of the site? How do I close the session related to the external service in the scenario above?

  2. Common question: I can't find any close() or dispose() methods in the library. Is it required to do some special disposing of the resources related to Nemiro.OAuth?

Thank you

commented

When your user logs in to Mail.ru, there will be a token written in the user settings.
So from my side, in that case you can erase that token and call the login form again, and the user can log in with other credentials.
I have written my own dispose - close function.

Thank you for ideas.
It's not very clear where exactly I have to erase the token. The token comes after verification in AuthorizationResult. But for the login, the Mail.ru client (as well as the other Nemiro.OAuth.Clients) uses the authorizeUrl parameter inside the constructor of the class. If you look into the code of the clients, no value like the token is used there, for example as part of authorizeUrl.
So, from my point of view, if the external service doesn't provide any API to clear/reset the token, the sign-out cannot be done programmatically. This means the user has to go to Mail.ru and click logoff manually, OR the user has to clear the Mail.ru cookies in the browser.

You said you wrote your own dispose - close function. What does this function do? Could you please show the code?

commented

Well, when you are connecting to mail.ru, the token will be written in the user settings. This has to be erased. Project->Properties->Settings.
If you clean the token and click refresh or call the Login method again, the user can log in again.

Perhaps we are talking about different things.
Here is the code of an ASP.NET MVC project.
Where inside the code do I have to erase the token?

// ===================================
// Code of Global.asax.cs
// ===================================
protected void Application_Start()
{
   OAuthManager.RegisterClient(new MailRuClient(AppID, SecretCode));
}

// ===================================
// Code of view Index.cshtml
// ===================================
@{
    ViewBag.Title = "Index";
    Layout = "~/Views/Shared/_Layout.cshtml";
}

<h2>Authorization</h2>
    
<a href="#" 
   onclick="window.location.href='@Url.Action("MailRuLogin", "Home")';return false;">
   Login use Mail.Ru
</a>


// ===================================
// Code of controller
// ===================================
public class HomeController : Controller
{
    // Handle the authorization
    public ActionResult MailRuLoginResult()
    {
        var result = OAuthWeb.VerifyAuthorization();
        if (result.IsSuccessfully)
        {
            // User authorized successfully, return his token
            // result.AccessToken is readonly, so we can't erase it...
            return new ContentResult
            {
                Content = "User token " + result.AccessToken,
                ContentType = "text/plain"
            };
        }

        return new ContentResult
        {
            Content = "Error: " + result.ErrorInfo.Message,
            ContentType = "text/plain"
        };
    }

    // Redirect user to the Mail.Ru login page
    public ActionResult MailRuLogin()
    {
        string authUrl = OAuthWeb.GetAuthorizationUrl(
            "Mail.Ru",
            Url.Action("MailRuLoginResult", "Home", null, null, Request.Url.Host)
        );

        // After redirection the user will see the login page of Mail.Ru, if he is not authorized
        return Redirect(authUrl);
    }
}

This cannot be done programmatically from the server side. In most cases, the user himself must perform logout from the provider site, through the interface of the provider site.

Mail.Ru has an endpoint for logout: https://auth.mail.ru/cgi-bin/logout

But the client's return is possible only to *.mail.ru.

Try using JavaScript: http://api.mail.ru/docs/reference/js/connect-logout/

Thank you for the answer!

Alexey, another question.
I saw examples of using your library on different sites. I tried to find some public close() or dispose() methods in the library, but it seems none exist. Is it required to perform some special disposing of the resources related to Nemiro.OAuth, and if yes, in which cases?

That is unnecessary.

Thank you very much for your great job and quick answers!
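
Given the answer above that the provider session cannot be closed from the server, the following sketch shows the part the application does control: keeping the token server-side instead of echoing it to the browser, and discarding its own session on logout. This is an added example, not code from the thread or from Nemiro.OAuth; the `AccountController` name, the session key and the choice of ASP.NET session state as token storage are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using Nemiro.OAuth;

public class AccountController : Controller
{
    // Hypothetical session key chosen for this example.
    private const string TokenKey = "MailRuAccessToken";

    // OAuth callback: store the token in server-side session state only.
    public ActionResult MailRuLoginResult()
    {
        var result = OAuthWeb.VerifyAuthorization();
        if (!result.IsSuccessfully)
        {
            // Do not reflect provider error details or tokens to the browser.
            return new HttpStatusCodeResult(401, "Authorization failed");
        }

        Session[TokenKey] = result.AccessToken;
        return RedirectToAction("Index", "Home");
    }

    // Local sign-out. POST plus anti-forgery token so that a third-party
    // page cannot log the user out with a cross-site request.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Logout()
    {
        // Drop the application's copy of the token and the whole session.
        Session.Remove(TokenKey);
        Session.Clear();
        Session.Abandon();

        // Expire the session cookie so the old session ID is not reused.
        Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", string.Empty)
        {
            Expires = DateTime.UtcNow.AddDays(-1),
            HttpOnly = true
        });

        // The Mail.Ru cookies live under *.mail.ru and are out of reach here:
        // until the user signs out at the provider, the next call to
        // OAuthWeb.GetAuthorizationUrl("Mail.Ru", ...) may sign the same
        // account in again without showing a login form.
        return RedirectToAction("Index", "Home");
    }
}
```

The logout form in the view needs `@Html.AntiForgeryToken()` for the `[ValidateAntiForgeryToken]` check to pass.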