Add a Log Out endpoint available when the session API auth feature flag is enabled #9531
Labels
pm.GREI-d-2.7.1
NIH, yr2, aim7, task1: R&D UI modules for creating datasets and supporting publishing workflows
pm.GREI-d-2.7.2
NIH, yr2, aim7, task2: Implement UI modules for creating datasets and publishing workflows
Size: 10
A percentage of a sprint. 7 hours.
User Role: API User
Makes use of APIs
Overview of the Feature Request
Initially, to emulate the JSF Log Out feature in the SPA, we considered the option of removing the JSESSIONID session cookie from the React application code, by accessing the browser cookies using a cookie management library. This solution would have the trade-off of not terminating the session in the backend, as JSF does when clicking log out, but considering the temporary lifetime of the session-based API authentication, and that it will be executed on a closed and small beta testing environment, we did not find it a bad solution.
The problem with the previous solution and what makes it unfeasible is that the JSESSIONID cookie is HttpOnly, which means that it cannot be read or managed from JavaScript code. This has forced us to have to enable an endpoint to perform the Log Out.
Although the endpoint is publicly exposed, it only works when the feature flag is enabled, returning a server error otherwise. When the API evolves towards the final authentication mechanism, the logic of this endpoint will be modified to make it standard for all authentication mechanisms subject to Log Out (API Key is not subject to Log Out).
What kind of user is the feature intended for?
Dataverse frontend developers
What inspired the request?
What existing behavior do you want changed?
N/A
Any brand new behavior do you want to add to Dataverse Frontend?
New Log Out endpoint
Any related open or closed issues to this feature request?
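
The trade-off described in the overview, as an added example that is not part of the original issue or of Dataverse's code: a small in-memory model of a flag-gated logout handler that terminates the server-side session and expires the HttpOnly cookie. The function names, the `flags` object, the session store, and the 401 returned when no session matches are assumptions made for illustration.

```javascript
// Added example: in-memory model of the server side. All names here are hypothetical.
const { randomBytes } = require('node:crypto');

const sessions = new Map();           // session id -> { user }
const flags = { sessionAuth: true };  // stand-in for the session API auth feature flag
const COOKIE_ATTRS = 'Path=/; HttpOnly; Secure; SameSite=Lax';

function login(user) {
  const id = randomBytes(16).toString('hex');
  sessions.set(id, { user });
  // HttpOnly keeps the value out of document.cookie, so the SPA cannot read or clear it.
  return { status: 200, setCookie: `JSESSIONID=${id}; ${COOKIE_ATTRS}` };
}

function sessionIdFrom(cookieHeader = '') {
  const m = /(?:^|;\s*)JSESSIONID=([^;]+)/.exec(cookieHeader);
  return m ? m[1] : null;
}

function whoAmI(cookieHeader) {
  const s = sessions.get(sessionIdFrom(cookieHeader));
  return s ? { status: 200, user: s.user } : { status: 401 };
}

function logout(cookieHeader) {
  // The issue states the endpoint returns a server error when the flag is disabled.
  if (!flags.sessionAuth) return { status: 500 };
  const id = sessionIdFrom(cookieHeader);
  // Assumption: a request with no matching session is answered with 401.
  if (!id || !sessions.delete(id)) return { status: 401 };
  // Only the server can expire an HttpOnly cookie, via Set-Cookie with Max-Age=0.
  return { status: 200, setCookie: `JSESSIONID=; ${COOKIE_ATTRS}; Max-Age=0` };
}

function demo() {
  // Constructed sample user; the cookie pair is what the browser would send back.
  const cookie = login('constructed-user').setCookie.split(';')[0];
  // Dropping the cookie in the browser alone would leave this session usable
  // by anyone holding a copy of the value.
  const beforeLogout = whoAmI(cookie).status;
  const logoutStatus = logout(cookie).status;
  const afterLogout = whoAmI(cookie).status; // same cookie value replayed
  return { beforeLogout, logoutStatus, afterLogout };
}
```
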