That was intended. It is like “Login with Google” for ERPNext. When erpnext user logout, google user is still in session for other services.
Workaround is to redirect user to logout after everything is clear from app.
window.location.href = authServerUrl + '?cmd=web_logout';
Please see this screen recording. I am not sure what is happening.
Once the API call is successful. If i click the same button next time, it wont also, not able to access from frappe frontend.
This is my API call
getData(){
this.http.get<any>(`https://xxx.yyy.com//api/method/frappe.desk.form.load.getdoc`, {
withCredentials: true,
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
'Authorization': 'Bearer ' + this.accessToken
},
params: {
doctype: 'Sales Invoice',
name: 'SINV-21-00010',
},
}).subscribe({
next: data => {
console.log(data);
}
})
}
I just tried this capacitor repo, it revokes the token properly.
But the same issue as shown in the recording is encountered here as well. One time call to the API works, subsequent calls fail. Also not able to open frappe frontend in separate tab. but opens up in incognito window.
Looks like something to do with the cookie.
Vinod_Nadar:
withCredentials: true,
don’t use withCredentials. It’s for session based apps. We are doing token based access.
Wow! This fixed all the issues. Login, Logout, token revoke and login from Frappe Frontend.
Thanks alot. I blindly copied the getData function from my current angular app which runs on cookie
Rafi
December 21, 2021, 11:37am
26
How long the session will exist?
And is it OK to store api_secret and api_key at the browser local storage?
1 Like