Skip to content

Latest commit

 

History

History
84 lines (69 loc) · 2.6 KB

auto-logout.md

File metadata and controls

84 lines (69 loc) · 2.6 KB
icon description
timer
Automatically logging out your user after a set period of inactivity on your app (they dont move the mouse or press any key on the keyboard for a while)

Auto Logout

Configuring auto logout policy

Important to understand: This is a policy that is enforced on the identity server. Not on in the application code!

The auto logout is defined by the lifespan of the refresh token.

For example, if you're using Keycloak and you want an auto disconnect after 5 minutes of inactivity you would set the SSO Session Idle to 5 minutes. See Keycloak configuration guide.

If you can't configure your OIDC server you can still enforce auto logout like so:

{% tabs %} {% tab title="Vanilla API" %}

import { createOidc } from "oidc-spa";

const oidc = await createOidc({
  // ...
  __unsafe_ssoSessionIdleSeconds: 10 * 60 // 10 minutes
  //autoLogoutParams: { redirectTo: "current page" } // Default
  //autoLogoutParams: { redirectTo: "home" }
  //autoLogoutParams: { redirectTo: "specific url", url: "/a-page" }
});

{% endtab %}

{% tab title="React API" %}

import { createReactOidc } from "oidc-spa/react";

export const {
    OidcProvider,
    useOidc
} = createReactOidc({
    // ...
    __unsafe_ssoSessionIdleSeconds: 10 * 60 // Ten minutes
    //autoLogoutParams: { redirectTo: "current page" } // Default
    //autoLogoutParams: { redirectTo: "home" }
    //autoLogoutParams: { redirectTo: "specific url", url: "/a-page" }
});

{% endtab %} {% endtabs %}

Note that this parameter is marked as unsafe because what happens if the user closes the tab? He will be able to return a while back and still be logged in. oidc-spa can't enforce a security policy when it's not running. Only the identity server can.

Displaying a coutdown timer before auto logout

{% embed url="https://youtu.be/GeZaZIr-d68" %} The demo app with a short SSO Session Idle {% endembed %}

{% tabs %} {% tab title="Vanilla API" %}

const { unsubscribeFromAutoLogoutCountdown } = oidc.subscribeToAutoLogoutCountdown(
  ({ secondsLeft }) => {
    if( secondsLeft === undefined ){
      console.log("Countdown reset, the user moved");
      return;
    }
    if( secondsLeft > 60 ){
      return;
    }
    console.log(`${secondsLeft} before auto logout`)
  }
);

{% endtab %}

{% tab title="React API" %} {% embed url="https://github.com/keycloakify/oidc-spa/blob/main/examples/tanstack-router/src/router/AutoLogoutCountdown.tsx" %} Example implementation of a 60 seconds countdown before autologout. {% endembed %} {% endtab %} {% endtabs %}