I have a MobileFirst Platform 6.3 app that uses Adapter Authentication. The user must be able to log in and log out multiple times within a session, switching credentials (i.e. log in as "userA", log out, log in as "userB", log out, etc.). All this works fine as long as the session stays active.
If I put my app in the background for 20-30 minutes, I will see in my server logs that my logout-function (`onLogout`) was called. I'm assuming this is being called by the framework when the session times out. My `onLogout` calls `WL.Server.setActiveUser("RealmName", null)`, so this should invalidate the session, which it does seem to do.
The problem comes in when the user brings the app back to the foreground and attempts to invoke a protected procedure. I see by the server log that my login-function (`onAuthRequired`) is invoked by the framework. The message parameter is undefined. The headers parameter contains something like
{"Cookie":["WL_PERSISTENT_COOKIE=5a39bf15-b217-40c2-97eb-c6622213e799; JSESSIONID=00003dozYVeiAYXJYzoQf_oG6BI:5702d236-4455-4e22-bf0c-132459018524"],"Host":["192.168.1.64:10080"],"WL-Instance-Id":["4rjpubf76afnvs9l61gtkf197t"],"X-Requested-With":["XMLHttpRequest"],"Content-Length":["198"],"x-wl-clientlog-deviceId":["DE67FB50-5ABD-4418-A39D-69058144454F"],"x-wl-clientlog-model":["iPad5,4"],"User-Agent":["Mozilla/5.0 (iPad; CPU OS 8_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12D508/Worklight/6.3.0.0 (358300384)"],"x-wl-clientlog-osversion":["8.2"],"x-wl-clientlog-appname":["Greenwell"],"Connection":["keep-alive"],"x-wl-device-id":["B405CAA3-4EE6-4581-9004-5AA8AA950E0A"],"x-wl-clientlog-appversion":["1.2.1"],"x-wl-app-version":["1.2.1"],"Accept-Language":["en-US"],"x-wl-analytics-tracking-id":["5A9D03E9-42FA-41E7-9FFD-69C4EE89EF95"],"Authorization":["{\"wl_deviceNoProvisioningRealm\":{\"ID\":{\"token\":\"q0dhk0eutb0gi53ak2mltrlbkv\",\"app\":{\"id\":\"GreenwellBanking\",\"version\":\"1.2.1\"},\"device\":{\"id\":\"B405CAA3-4EE6-4581-9004-5AA8AA950E0A\",\"os\":\"8.2\",\"model\":\"iPad5,4\",\"environment\":\"ipad\"},\"custom\":{}}}}"],"Accept-Encoding":["gzip, deflate"],"x-wl-app-details":["{\"applicationDetails\":{\"platformVersion\":\"6.3.0.0\",\"nativeVersion\":\"1889110191\",\"skinName\":\"default\",\"skinChecksum\":2615010882,\"skinLoaderChecksum\":\"(null)\"}}"],"Content-Type":["application/x-www-form-urlencoded; charset=UTF-8"],"Accept":["text/javascript, text/html, application/xml, text/xml, */*"],"x-wl-clientlog-env":["ipad"]}.
Neither the success handler nor the failure handler of the `WL.Client.invokeProcedure` call gets invoked. There seems to be a response in the log showing `authRequired: true`.
```
2015-03-25 10:44:16.937 Greenwell[649:305965] [DEBUG] [NONE] fetching offers
2015-03-25 10:44:16.964 Greenwell[649:305965] [DEBUG] [NONE] Request [/apps/services/api/GreenwellBanking/ipad/query]
2015-03-25 10:44:16.967 Greenwell[649:305968] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] +[WLAFHTTPClientWrapper requestWithURL:] in WLAFHTTPClientWrapper.m:37 :: Request url is http://192.168.1.64:10080/GreenwellBanking/apps/services/api/GreenwellBanking/ipad/query
2015-03-25 10:44:16.977 Greenwell[649:305968] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper start] in WLAFHTTPClientWrapper.m:182 :: Starting the request with URL http://192.168.1.64:10080/GreenwellBanking/apps/services/api/GreenwellBanking/ipad/query
2015-03-25 10:44:17.116 Greenwell[649:286631] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper requestFinished:] in WLAFHTTPClientWrapper.m:195 :: Request Success
2015-03-25 10:44:17.119 Greenwell[649:286631] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper requestFinished:] in WLAFHTTPClientWrapper.m:196 :: Response Status Code : 200
2015-03-25 10:44:17.122 Greenwell[649:286631] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper requestFinished:] in WLAFHTTPClientWrapper.m:197 :: Response Content : /*-secure-
{"errorMessage":null,"isSuccessful":true,"authRequired":true}*/
```
challengeHandler
```javascript
var challengeHandler = WL.Client.createChallengeHandler("CaasAuthRealm");

// Treat any response that carries an authRequired field as belonging to this realm.
challengeHandler.isCustomResponse = function (response) {
    if (!response || !response.responseJSON || response.responseText === null) {
        return false;
    }
    if (typeof (response.responseJSON.authRequired) !== 'undefined') {
        return true;
    } else {
        return false;
    }
};

challengeHandler.handleChallenge = function (response) {
    var authRequired = response.responseJSON.authRequired;
    console.log("Handling Challenge - authRequired = " + authRequired);
    if (authRequired) {
        // Authentication is still required: report failure and show the login page.
        challengeHandler.submitFailure("Bad credentials");
        $.mobile.changePage("login.html", { transition: "slide" });
    } else {
        // Authenticated: report success and route by user type.
        challengeHandler.submitSuccess();
        if (Model.getInstance().username == "wcmaas-anonymous") {
            $.mobile.changePage("landing.html", { transition: "flip", reverse: true });
        } else {
            $.mobile.changePage("home.html", { transition: "flip" });
        }
    }
};
```
Questions:
- If `onAuthRequired` is invoked by the framework on the server when the app calls `WL.Client.invokeProcedure`, why am I not seeing a challenge issued to the app? If I did, I could prompt the user to log in again.
- Am I misunderstanding how a timeout should be handled? It seems like I am properly invalidating the session in `onLogout`, but how can I prompt the user to reauthenticate without a Challenge?
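
As an added example (not part of the original post and not MobileFirst code): a stand-alone Node.js check that runs the post's `isCustomResponse` predicate against the response body from the client log, to confirm whether that body would be recognised as a challenge for the realm. The `/*-secure- ... */` unwrapping step, the helper names `unwrapSecureJson`, `classify` and `classifyAll`, and every sample body other than the logged one are assumptions constructed for illustration.

```javascript
// Added example: LOGGED_BODY is copied from the client log in the post.
// Assumption: the "/*-secure-" ... "*/" envelope is removed before JSON parsing.
const LOGGED_BODY = '/*-secure-\n{"errorMessage":null,"isSuccessful":true,"authRequired":true}*/';

// Strip the envelope and parse; returns null when the body is not wrapped JSON.
function unwrapSecureJson(text) {
  if (typeof text !== "string") return null;
  const m = /^\s*\/\*-secure-\s*([\s\S]*?)\s*\*\/\s*$/.exec(text);
  if (!m) return null;
  try {
    return JSON.parse(m[1]);
  } catch (e) {
    return null; // envelope present but payload is not valid JSON
  }
}

// Same predicate as the post's challengeHandler.isCustomResponse.
function isCustomResponse(response) {
  if (!response || !response.responseJSON || response.responseText === null) {
    return false;
  }
  return typeof response.responseJSON.authRequired !== "undefined";
}

// Classify a body: "challenge", "login-complete", or "not-for-this-realm".
function classify(text) {
  const response = { responseText: text, responseJSON: unwrapSecureJson(text) };
  if (!isCustomResponse(response)) return "not-for-this-realm";
  return response.responseJSON.authRequired ? "challenge" : "login-complete";
}

// Constructed sample bodies, including edge cases the predicate must reject.
const SAMPLES = {
  logged: LOGGED_BODY,
  afterLogin: '/*-secure-\n{"isSuccessful":true,"authRequired":false}*/',
  procedureResult: '/*-secure-\n{"isSuccessful":true,"offers":[]}*/',
  truncated: '/*-secure-\n{"authRequired":tr',
  empty: "",
};

function classifyAll() {
  const out = {};
  for (const name of Object.keys(SAMPLES)) out[name] = classify(SAMPLES[name]);
  return out;
}

console.log(classifyAll());
```

Under these assumptions the logged body satisfies the predicate, so the place to look next is whether `handleChallenge` is reached for it on the device.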