Replies: 1 comment 4 replies
-
|
https://github.com/panva/node-oidc-provider/discussions/new?category=ideas
|
Beta Was this translation helpful? Give feedback.
-
|
I thought so. Without an |
Beta Was this translation helpful? Give feedback.
-
|
I think the obvious solution is that you also remove sessions and or include a presence check in your session's adapter find method if you need one. There's no need for an issues section which inherently turns into just a q&a again, which is why it was disabled in the first place. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you taking the time to respond - I understand it is difficult to dedicate time for this type of questions. I had no intension to waste time, but more to discuss towards finding the perfect solution for this issue. I understand now that, a check can be added in the custom adapter when the session is retrieved - if there is no account then the session will not be returned. |
Beta Was this translation helpful? Give feedback.
-
|
Perfect. |
Beta Was this translation helpful? Give feedback.
-
Situation
At the moment if a user login, a session is created for the his
account.id. If the account is deleted and lets say the user lands on the/authendpoint he will be redirected automatically to the consent page because a session already exists. But that can't be displayed successfully because we are presented with the following error:Solution
💡 Of course we will do our best to delete the sessions when an account is deleted - but shouldn't we handle this in the library?
I can see that we have the findAccount middleware, that does nothing if the account doesn't exist, why is that?
Also what would be the recommended approach to achieve the following: If as session exists but no account redirect to the login prompt?
Beta Was this translation helpful? Give feedback.
All reactions