I was investigating a frontend issue and I observed some strange behavior specifically in the esm-login-app. I understand OpenMRS recommends use of Chrome but for purposes of demonstrating the behavior I’m observing, you have to use Firefox or Safari and try to logout of OpenMRS when the oauth2login module is in use. It appears to me like there could be multiple un-coordinated navigations and redirects that happen during login and/or post logout and I think the redirect-logout resource, login component hook and openmrs-fetch compete with each other during the logout dance with the identity provider.
The undesired behavior that I’m seeing is that when a user logs out, there are about 2-3 navigation calls that are made from the above 3 files which forces the browser to abort the earlier one(s) and proceed with a single one. With the oauth2login module in use, 2 issues below could arise,
The user fails to logout because the redirect to the identity provider is aborted which is the bug manifested in Firefox and Safari, this can be reproduced consistently.
You notice page flickering, basically the user momentarily sees the standard logout page that comes with O3 before the browser actually takes them to the identity provider’s login page, this behavior is sporadic.
It would be nice if the frontend Gurus could take a closer look at this and chime in.
Does this mean that all i need is to simply install the oauth2login module into an O3 instance and then try to logout? Or are there any other steps that i need to take?
@dkayiwa you can reproduce associated issues in Firefox or Safari on this Ozone Dev you will notice you can’t get logged out. Some Chrome users do experience a different issue though, they end up seeing the skip logout confirmation in the IDP which should not be happening.
When you reproduce any of the above issues on Ozone Dev, please take a look in your browser developer tools and pay attention to the XHR requests (be sure to check the preserve logs option in developer tools), you will notice some calls are getting aborted/cancelled by the browser.