ibm mobilefirst - Handle challenge function not called when logging in after logout -
i have created angular service, i'm registering challengehandler way:
azurechallengehandler = wl.client.createchallengehandler(realm); azurechallengehandler.iscustomresponse = function (response) { ... }; azurechallengehandler.handlechallenge = function (response) { ... };
so i'm logging in function:
wl.client.login(realm, options)
and first time works ok, iscustomresponse gets called, returns "true", handlechallenge gets called. after logging out function:
wl.client.logout(realm, options)
when try login again, iscustomresponse gets called , still returns "true", handlechallenge not firing.
how can fix that?
after calling wl.client.reloadapp() or reloading app can login again, it's not suitable solution.
update:
here adapter code:
function onauthrequired(headers) { return customloginresponse(true, false, false); } function customloginresponse(authrequired, azuretokenrequired, wrongtenant) { return { authrequired: authrequired, azuretokenrequired: azuretokenrequired, realm: 'azureauth', wrongtenant: wrongtenant }; } function onlogout(){ wl.server.setactiveuser("azureauth", null); wl.logger.debug("logged out"); } function submitlogout(uuid, orgid, ssogroup){ wl.server.invokeprocedure({ adapter: "azuretokensqladapter", procedure: "removerefreshtoken", parameters: [uuid, orgid, ssogroup] }); onlogout(); } function submitlogin(uuid, orgid, ssogroup, code) { var tokenobject = gettokens(code); if (tokenobject.id_token) { var jwtparsed = parsejwt(tokenobject.id_token); var tenantid = jwtparsed.tid; var invocationresult = wl.server.invokeprocedure({ adapter: "azuretokensqladapter", procedure: "checktenant", parameters: [orgid, tenantid] }); if (!invocationresult.tenantregistered) { return customloginresponse(true, true, true); } } return authuser(tokenobject, uuid, orgid, ssogroup); }
and here client code:
function azureauthservice($q, _, $state) { var loginpromise; azurechallengehandler = wl.client.createchallengehandler(realm); //first response after protected call azurechallengehandler.iscustomresponse = function (response) { if (!response || !response.responsejson || response.responsetext === null) { return false; } return response.responsejson.realm == realm; }; //when iscustomresponse returns true azurechallengehandler.handlechallenge = function (response) { wl.logger.debug("challenge handler -- handlechallenge"); var authrequired = response.responsejson.authrequired; var azuretokenrequired = response.responsejson.azuretokenrequired; var wrongtenant = response.responsejson.wrongtenant; if (wrongtenant) { loginpromise.reject('wrong tenant'); } else if (authrequired && azuretokenrequired) { fulllogin(); } else if (authrequired) { fastlogin(); } else { loginpromise.resolve(); } }; azurechallengehandler.handlefailure = function (error) { console.log('failure'); console.log(error); }; return { init: init, login: login, logout: logout }; function init(config) { ssogroup = config.ssogroup; orgid = config.orgid; } function login() { loginpromise = $q.defer(); wl.client.login(realm, { onsuccess: function(info) { loginpromise.resolve(); }, onfailure: function(error) { loginpromise.reject(); } }); return loginpromise.promise; } function logout() { var logoutpromise = $q.defer(); var invocationdata = { adapter : 'azureauth', procedure : 'submitlogout', parameters : [device.uuid, orgid, ssogroup] }; wl.client.invokeprocedure(invocationdata).then(function () { wl.client.logout(realm, { onsuccess: function () { logoutpromise.resolve(); }, onfailure: function () { logoutpromise.reject(); } }); }, function () { logoutpromise.reject(); }); return logoutpromise.promise; } }
fastlogin , fulllogin functions perform work , call
var options = { parameters: [device.uuid, orgid, ssogroup, transitionauthobject.requesttoken], adapter: "azureauth", procedure: "submitlogin" }; azurechallengehandler.submitadapterauthentication(options);
can't see fulllogin() , fastlogin() methods it's hard sure. make sure you're calling challengehandler's submitsuccess() or submitfailure() methods after successful/failed authentication. authentication framework keeps queue of requests/responses require authentication. after successful/failed authentication need invoke submitsuccess/submitfailure on challenge handler in order authentication framework remove requests queue , process it. in case you're not doing request remains in queue , once you're sending new request triggers authentication put queue not handled since there's request waiting authentication.
Comments
Post a Comment