I am working on an iOS application coded in Swift 4 and I am using the ADAL framework in order to authenticate the users. I set up the authentication and everything goes well until the log out. When I log out a user from the application, the application deletes the cookie. When trying to issue a log out and log in as a different user, Azure AD is still seeing the previous cookie.

The code of the signout function is below:

@IBAction func signoutButton(_ sender: Any) {

    // Put the UI into its signed-out state
    displaySelectionController.isHidden = true
    self.signoutButton.isEnabled = false
    self.signoutButton.backgroundColor = #colorLiteral(red: 0.7018831372, green: 0.7020055652, blue: 0.7018753886, alpha: 1)
    connectedLabel.isHidden = true
    connectedTextInfo.isHidden = true
    callGraphButton.isHidden = false

    // This request is built but never sent, so nothing here ends the Azure AD server-side session
    var request = URLRequest(url: URL(string: "https://login.microsoft.com/logout")!)
    request.httpMethod = "GET"

    guard let account = currentAccount()?.userInformation?.userId else {
        self.updateLogging(text: "Didn't find a logged in account in the cache.")
        return
    }

    // Remove the cached tokens for this user id only
    ADKeychainTokenCache.defaultKeychain().removeAll(forUserId: account, clientId: kClientID, error: nil)

    // Delete only a hand-picked set of Azure AD sign-in cookies; any other cookie in the jar survives
    let cookieJar = HTTPCookieStorage.shared
    guard let cookies = cookieJar.cookies else { return }
    for cookie in cookies {
        if cookie.name == "SignInStateCookie" || cookie.name == "ESTSAUTHPERSISTENT" || cookie.name == "ESTSAUTHLIGHT" || cookie.name == "ESTSAUTH" || cookie.name == "ESTSSC" {
            cookieJar.deleteCookie(cookie)
            print("COOKIE DELETED: \(cookie.name)")
        }
    }

    self.updateLogging(text: "Removed account for: \(account)")
}
You can try the code from my answer - this is from a working app. - Paulw11
It still does not work. I can disconnect a user from the Microsoft application, but he stays connected on the client application. So when I try to connect with another user, I have to enter the email address of the new user on the Microsoft application and then I am directly connected, without being driven to the client application where it is supposed to ask for the password. - Romain Peres
Thus, the new user is connected, but the information that is sent from the client application is the information of the previous user, because he is still connected on the client app ... - Romain Peres
What do you mean by "The Microsoft application"? Do you mean the authentication web view? Are you using the Microsoft Authenticator App? My code is taken from a working app that uses the Graph API. After running this code any attempt to access the API triggers the authentication process and requires you to enter a username and password (unless I am using the authenticator app in which case SSO only requires me to select my previously authenticated user). Do you use SFSafariViewController in your logout process? - Paulw11
By "Microsoft application" I meant the Microsoft login page, so yes, the authentication web view. I also use the Graph API with ADFS and my app registration (Active Directory). - Romain Peres

1 Answer

I solved my issue by changing the way I delete cookies:

@IBAction func signoutButton(_ sender: Any) {

    // Put the UI into its signed-out state
    displaySelectionController.isHidden = true
    self.signoutButton.isEnabled = false
    self.signoutButton.backgroundColor = #colorLiteral(red: 0.7018831372, green: 0.7020055652, blue: 0.7018753886, alpha: 1)
    connectedLabel.isHidden = true
    connectedTextInfo.isHidden = true
    callGraphButton.isHidden = false

    // Remove every cached token for this client id, not just the current user's
    ADKeychainTokenCache.defaultKeychain().removeAll(forClientId: kClientID, error: nil)

    // Delete every cookie in the shared jar instead of a hand-picked list of names
    let cookieJar = HTTPCookieStorage.shared
    for cookie in cookieJar.cookies ?? [] {
        cookieJar.deleteCookie(cookie)
    }
}
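The difference between the question's code and the answer's is the scope of the cleanup: the first attempt removed tokens for one user id and a fixed list of cookie names, the fix wipes the whole token cache for the client id and every cookie in HTTPCookieStorage.shared. The helper below is an added example, not code from the question, the answer or the ADAL project, that packages that full cleanup as reusable functions and adds two things a practitioner would want: WKWebView's own cookie store (WKWebsiteDataStore, which is separate from HTTPCookieStorage.shared) is cleared too, and a post-cleanup check reports any cookie still scoped to the Azure AD sign-in hosts. Assumptions: the module is imported as ADAL, kClientID is the app's client id constant as in the posted code, removeAll(forClientId:error:) returns a Bool as in ADAL's header, and the list of login hosts is the one used in the posted code plus login.microsoftonline.com.

```swift
import Foundation
import WebKit
import ADAL  // assumed module name for ADAL for iOS, which provides ADKeychainTokenCache

/// Hypothetical helper (added example, not from the question or answer) that performs a
/// complete local sign-out: token cache, shared cookie jar and WKWebView's cookie store.
enum SessionReset {

    /// Hosts whose cookies carry the Azure AD sign-in session; used only by the post-cleanup check.
    /// login.microsoft.com is the host from the posted code; login.microsoftonline.com is assumed.
    static let loginHosts = ["login.microsoftonline.com", "login.microsoft.com"]

    /// Step 1: drop every cached token for this client id so ADAL cannot silently reuse a refresh token.
    /// The Bool return is assumed from ADAL's removeAllForClientId:error: declaration.
    static func clearTokenCache(clientId: String) -> Bool {
        var error: ADAuthenticationError?
        let removed = ADKeychainTokenCache.defaultKeychain().removeAll(forClientId: clientId, error: &error)
        if let error = error {
            print("token cache cleanup failed: \(error.localizedDescription)")
        }
        return removed
    }

    /// Step 2: delete every cookie in the shared jar (what the accepted fix does). Deleting only a
    /// hand-picked list of names, as the first attempt did, misses any cookie Azure AD adds or renames.
    /// Returns the number of cookies deleted.
    static func clearSharedCookies() -> Int {
        let jar = HTTPCookieStorage.shared
        let cookies = jar.cookies ?? []
        cookies.forEach { jar.deleteCookie($0) }
        return cookies.count
    }

    /// Step 3: WKWebView keeps its own cookies in WKWebsiteDataStore, not in HTTPCookieStorage.shared.
    /// Clearing it prevents a WKWebView-based sign-in page from resuming the previous session.
    static func clearWebKitData(completion: @escaping () -> Void) {
        let store = WKWebsiteDataStore.default()
        store.removeData(ofTypes: WKWebsiteDataStore.allWebsiteDataTypes(),
                         modifiedSince: Date.distantPast,
                         completionHandler: completion)
    }

    /// Post-cleanup check: names of any cookies still scoped to the sign-in hosts. Empty means clean.
    static func remainingLoginCookies() -> [String] {
        return (HTTPCookieStorage.shared.cookies ?? [])
            .filter { cookie in loginHosts.contains { cookie.domain.hasSuffix($0) } }
            .map { $0.name }
    }

    /// Runs all three steps; the completion reports whether the device-side session is now clean.
    static func signOut(clientId: String, completion: @escaping (Bool) -> Void) {
        let tokensCleared = clearTokenCache(clientId: clientId)
        _ = clearSharedCookies()
        clearWebKitData {
            let leftovers = remainingLoginCookies()
            if !leftovers.isEmpty {
                print("cookies still present after sign-out: \(leftovers)")
            }
            DispatchQueue.main.async { completion(tokensCleared && leftovers.isEmpty) }
        }
    }
}

// Usage from the sign-out action (updateLogging is the method from the posted code):
// SessionReset.signOut(clientId: kClientID) { clean in
//     self.updateLogging(text: clean ? "Signed out" : "Sign-out incomplete, see console")
// }
```

Two caveats follow from what the thread describes. Everything above is device-side: it stops the app from silently reusing cached tokens or cookies, but it does not end the Azure AD session on the server, so a sign-out endpoint still has to be called if that is required. And if sign-in runs through SFSafariViewController, as Paulw11 asks about, its cookies live in Safari's store, which an app cannot clear, so the check above would report clean while the browser still holds a session.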