FormidableLabs
diff --git a/‎README.md
Lines changed: 18 additions & 0 deletions b/‎README.md
Lines changed: 18 additions & 0 deletions
diff --git a/‎android/src/main/java/com/rnappauth/RNAppAuthModule.java
Lines changed: 169 additions & 34 deletions b/‎android/src/main/java/com/rnappauth/RNAppAuthModule.java
Lines changed: 169 additions & 34 deletions
diff --git a/‎android/src/main/java/com/rnappauth/utils/EndSessionResponseFactory.java
Lines changed: 21 additions & 0 deletions b/‎android/src/main/java/com/rnappauth/utils/EndSessionResponseFactory.java
Lines changed: 21 additions & 0 deletions
diff --git a/‎docs/config-examples/okta.md
Lines changed: 8 additions & 0 deletions b/‎docs/config-examples/okta.md
Lines changed: 8 additions & 0 deletions
@@ -118,6 +118,7 @@ with optional overrides.
   - **tokenEndpoint** - (`string`) _REQUIRED_ fully formed url to the OAuth token exchange endpoint
   - **revocationEndpoint** - (`string`) fully formed url to the OAuth token revocation endpoint. If you want to be able to revoke a token and no `issuer` is specified, this field is mandatory.
   - **registrationEndpoint** - (`string`) fully formed url to your OAuth/OpenID Connect registration endpoint. Only necessary for servers that require client registration.
+  - **endSessionEndpoint** - (`string`) fully formed url to your OpenID Connect end session endpoint. If you want to be able to end a user's session and no `issuer` is specified, this field is mandatory.
 - **clientId** - (`string`) _REQUIRED_ your client id on the auth server
 - **clientSecret** - (`string`) client secret to pass to token exchange requests. :warning: Read more about [client secrets](#note-about-client-secrets)
 - **redirectUrl** - (`string`) _REQUIRED_ the url that links back to your app with the auth code
@@ -192,6 +193,23 @@ const result = await revoke(config, {
 });
 ```
 
+### `logout`
+
+This method will logout a user, as per the [OpenID Connect RP Initiated Logout](https://openid.net/specs/openid-connect-rpinitiated-1_0.html) specification. It requires an `idToken`, obtained after successfully authenticating with OpenID Connect, and a URL to redirect back after the logout has been performed.
+
+```js
+import { logout } from 'react-native-app-auth';
+
+const config = {
+  issuer: '<YOUR_ISSUER_URL>'
+};
+
+const result = await logout(config, {
+  idToken: '<ID_TOKEN>',
+  postLogoutRedirectUrl: '<POST_LOGOUT_URL>'
+});
+```
+
 ### `register`
 
 This will perform [dynamic client registration](https://openid.net/specs/openid-connect-registration-1_0.html) on the given provider.
 
@@ -28,6 +28,7 @@
 import com.rnappauth.utils.UnsafeConnectionBuilder;
 import com.rnappauth.utils.RegistrationResponseFactory;
 import com.rnappauth.utils.TokenResponseFactory;
+import com.rnappauth.utils.EndSessionResponseFactory;
 import com.rnappauth.utils.CustomConnectionBuilder;
 
 import net.openid.appauth.AppAuthConfiguration;
@@ -45,6 +46,8 @@
 import net.openid.appauth.ResponseTypeValues;
 import net.openid.appauth.TokenResponse;
 import net.openid.appauth.TokenRequest;
+import net.openid.appauth.EndSessionRequest;
+import net.openid.appauth.EndSessionResponse;
 import net.openid.appauth.connectivity.ConnectionBuilder;
 import net.openid.appauth.connectivity.DefaultConnectionBuilder;
 
@@ -84,15 +87,15 @@ public RNAppAuthModule(ReactApplicationContext reactContext) {
 
     @ReactMethod
     public void prefetchConfiguration(
-        final Boolean warmAndPrefetchChrome,
-        final String issuer,
-        final String redirectUrl,
-        final String clientId,
-        final ReadableArray scopes,
-        final ReadableMap serviceConfiguration,
-        final boolean dangerouslyAllowInsecureHttpRequests,
-        final ReadableMap headers,
-        final Promise promise
+            final Boolean warmAndPrefetchChrome,
+            final String issuer,
+            final String redirectUrl,
+            final String clientId,
+            final ReadableArray scopes,
+            final ReadableMap serviceConfiguration,
+            final boolean dangerouslyAllowInsecureHttpRequests,
+            final ReadableMap headers,
+            final Promise promise
     ) {
         if (warmAndPrefetchChrome) {
             warmChromeCustomTab(reactContext, issuer);
@@ -145,17 +148,17 @@ public void onFetchConfigurationCompleted(
 
     @ReactMethod
     public void register(
-        String issuer,
-        final ReadableArray redirectUris,
-        final ReadableArray responseTypes,
-        final ReadableArray grantTypes,
-        final String subjectType,
-        final String tokenEndpointAuthMethod,
-        final ReadableMap additionalParameters,
-        final ReadableMap serviceConfiguration,
-        final boolean dangerouslyAllowInsecureHttpRequests,
-        final ReadableMap headers,
-        final Promise promise
+            String issuer,
+            final ReadableArray redirectUris,
+            final ReadableArray responseTypes,
+            final ReadableArray grantTypes,
+            final String subjectType,
+            final String tokenEndpointAuthMethod,
+            final ReadableMap additionalParameters,
+            final ReadableMap serviceConfiguration,
+            final boolean dangerouslyAllowInsecureHttpRequests,
+            final ReadableMap headers,
+            final Promise promise
     ) {
         this.parseHeaderMap(headers);
         final ConnectionBuilder builder = createConnectionBuilder(dangerouslyAllowInsecureHttpRequests, this.registrationRequestHeaders);
@@ -394,6 +397,72 @@ public void onFetchConfigurationCompleted(
 
     }
 
+    @ReactMethod
+    public void logout(
+            String issuer,
+            final String idTokenHint,
+            final String postLogoutRedirectUri,
+            final ReadableMap serviceConfiguration,
+            final ReadableMap additionalParameters,
+            final boolean dangerouslyAllowInsecureHttpRequests,
+            final Promise promise
+    ) {
+        final ConnectionBuilder builder = createConnectionBuilder(dangerouslyAllowInsecureHttpRequests, null);
+        final AppAuthConfiguration appAuthConfiguration = this.createAppAuthConfiguration(builder, dangerouslyAllowInsecureHttpRequests);
+        final HashMap<String, String> additionalParametersMap = MapUtil.readableMapToHashMap(additionalParameters);
+
+        this.promise = promise;
+
+        if (serviceConfiguration != null || hasServiceConfiguration(issuer)) {
+            try {
+                final AuthorizationServiceConfiguration serviceConfig = hasServiceConfiguration(issuer) ? getServiceConfiguration(issuer) : createAuthorizationServiceConfiguration(serviceConfiguration);
+                endSessionWithConfiguration(
+                        serviceConfig,
+                        appAuthConfiguration,
+                        idTokenHint,
+                        postLogoutRedirectUri,
+                        additionalParametersMap
+                );
+            } catch (ActivityNotFoundException e) {
+                promise.reject("browser_not_found", e.getMessage());
+            } catch (Exception e) {
+                promise.reject("end_session_failed", e.getMessage());
+            }
+        } else {
+            final Uri issuerUri = Uri.parse(issuer);
+            AuthorizationServiceConfiguration.fetchFromUrl(
+                    buildConfigurationUriFromIssuer(issuerUri),
+                    new AuthorizationServiceConfiguration.RetrieveConfigurationCallback() {
+                        public void onFetchConfigurationCompleted(
+                                @Nullable AuthorizationServiceConfiguration fetchedConfiguration,
+                                @Nullable AuthorizationException ex) {
+                            if (ex != null) {
+                                promise.reject("service_configuration_fetch_error", ex.getLocalizedMessage(), ex);
+                                return;
+                            }
+
+                            setServiceConfiguration(issuer, fetchedConfiguration);
+
+                            try {
+                                endSessionWithConfiguration(
+                                        fetchedConfiguration,
+                                        appAuthConfiguration,
+                                        idTokenHint,
+                                        postLogoutRedirectUri,
+                                        additionalParametersMap
+                                );
+                            } catch (ActivityNotFoundException e) {
+                                promise.reject("browser_not_found", e.getMessage());
+                            } catch (Exception e) {
+                                promise.reject("end_session_failed", e.getMessage());
+                            }
+                        }
+                    },
+                    builder
+            );
+        }
+    }
+
     /*
      * Called when the OAuth browser activity completes
      */
@@ -468,32 +537,52 @@ public void onTokenRequestCompleted(
             }
 
         }
+
+        if (requestCode == 53) {
+            if (data == null) {
+                if (promise != null) {
+                    promise.reject("end_session_failed", "Data intent is null" );
+                }
+                return;
+            }
+            EndSessionResponse response = EndSessionResponse.fromIntent(data);
+            AuthorizationException ex = AuthorizationException.fromIntent(data);
+            if (ex != null) {
+                if (promise != null) {
+                    handleAuthorizationException("end_session_failed", ex, promise);
+                }
+                return;
+            }
+            final Promise endSessionPromise = this.promise;
+            WritableMap map = EndSessionResponseFactory.endSessionResponseToMap(response);
+            endSessionPromise.resolve(map);
+        }
     }
 
     /*
      * Perform dynamic client registration with the provided configuration
      */
     private void registerWithConfiguration(
-        final AuthorizationServiceConfiguration serviceConfiguration,
-        final AppAuthConfiguration appAuthConfiguration,
-        final ReadableArray redirectUris,
-        final ReadableArray responseTypes,
-        final ReadableArray grantTypes,
-        final String subjectType,
-        final String tokenEndpointAuthMethod,
-        final Map<String, String> additionalParametersMap,
-        final Promise promise
+            final AuthorizationServiceConfiguration serviceConfiguration,
+            final AppAuthConfiguration appAuthConfiguration,
+            final ReadableArray redirectUris,
+            final ReadableArray responseTypes,
+            final ReadableArray grantTypes,
+            final String subjectType,
+            final String tokenEndpointAuthMethod,
+            final Map<String, String> additionalParametersMap,
+            final Promise promise
     ) {
         final Context context = this.reactContext;
 
         AuthorizationService authService = new AuthorizationService(context, appAuthConfiguration);
 
         RegistrationRequest.Builder registrationRequestBuilder =
                 new RegistrationRequest.Builder(
-                    serviceConfiguration,
-                    arrayToUriList(redirectUris)
+                        serviceConfiguration,
+                        arrayToUriList(redirectUris)
                 )
-                    .setAdditionalParameters(additionalParametersMap);
+                        .setAdditionalParameters(additionalParametersMap);
 
         if (responseTypes != null) {
             registrationRequestBuilder.setResponseTypeValues(arrayToList(responseTypes));
@@ -677,6 +766,47 @@ public void onTokenRequestCompleted(@Nullable TokenResponse response, @Nullable
         }
     }
 
+    /*
+     * End user session with provided configuration
+     */
+    private void endSessionWithConfiguration(
+            final AuthorizationServiceConfiguration serviceConfiguration,
+            final AppAuthConfiguration appAuthConfiguration,
+            final String idTokenHint,
+            final String postLogoutRedirectUri,
+            final Map<String, String> additionalParametersMap
+    ) {
+        final Context context = this.reactContext;
+        final Activity currentActivity = getCurrentActivity();
+
+        EndSessionRequest.Builder endSessionRequestBuilder =
+                new EndSessionRequest.Builder(
+                        serviceConfiguration,
+                        idTokenHint,
+                        Uri.parse(postLogoutRedirectUri)
+                );
+
+        if (additionalParametersMap != null) {
+            if (additionalParametersMap.containsKey("state")) {
+                endSessionRequestBuilder.setState(additionalParametersMap.get("state"));
+            }
+        }
+
+        EndSessionRequest endSessionRequest = endSessionRequestBuilder.build();
+
+        if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.LOLLIPOP) {
+            AuthorizationService authService = new AuthorizationService(context, appAuthConfiguration);
+            Intent endSessionIntent = authService.getEndSessionRequestIntent(endSessionRequest);
+
+            currentActivity.startActivityForResult(endSessionIntent, 53);
+        } else {
+            AuthorizationService authService = new AuthorizationService(currentActivity, appAuthConfiguration);
+            PendingIntent pendingIntent = currentActivity.createPendingResult(53, new Intent(), 0);
+
+            authService.performEndSessionRequest(endSessionRequest, pendingIntent);
+        }
+    }
+
     private void parseHeaderMap (ReadableMap headerMap) {
         if (headerMap == null) {
             return;
@@ -793,14 +923,19 @@ private AuthorizationServiceConfiguration createAuthorizationServiceConfiguratio
         Uri authorizationEndpoint = Uri.parse(serviceConfiguration.getString("authorizationEndpoint"));
         Uri tokenEndpoint = Uri.parse(serviceConfiguration.getString("tokenEndpoint"));
         Uri registrationEndpoint = null;
+        Uri endSessionEndpoint = null;
         if (serviceConfiguration.hasKey("registrationEndpoint")) {
             registrationEndpoint = Uri.parse(serviceConfiguration.getString("registrationEndpoint"));
         }
+        if (serviceConfiguration.hasKey("endSessionEndpoint")) {
+            endSessionEndpoint = Uri.parse(serviceConfiguration.getString("endSessionEndpoint"));
+        }
 
         return new AuthorizationServiceConfiguration(
                 authorizationEndpoint,
                 tokenEndpoint,
-                registrationEndpoint
+                registrationEndpoint,
+                endSessionEndpoint
         );
     }
 
@@ -837,7 +972,7 @@ private AuthorizationServiceConfiguration getServiceConfiguration(@Nullable Stri
     }
 
     private void handleAuthorizationException(final String fallbackErrorCode, final AuthorizationException ex, final Promise promise) {
-         if (ex.getLocalizedMessage() == null) {
+        if (ex.getLocalizedMessage() == null) {
             promise.reject(fallbackErrorCode, ex.error, ex);
         } else {
             promise.reject(ex.error != null ? ex.error: fallbackErrorCode, ex.getLocalizedMessage(), ex);
 
@@ -0,0 +1,21 @@
+package com.rnappauth.utils;
+
+import com.facebook.react.bridge.Arguments;
+import com.facebook.react.bridge.WritableMap;
+
+import net.openid.appauth.EndSessionResponse;
+
+public final class EndSessionResponseFactory {
+    /*
+     * Read raw end session response into a React Native map to be passed down the bridge
+     */
+    public static final WritableMap endSessionResponseToMap(EndSessionResponse response) {
+        WritableMap map = Arguments.createMap();
+
+        map.putString("state", response.state);
+        map.putString("idTokenHint", response.request.idToken);
+        map.putString("postLogoutRedirectUri", response.request.redirectUri.toString());
+
+        return map;
+    }
+}
@@ -7,6 +7,8 @@ Full support out of the box.
 > Log in to your Okta Developer account and navigate to **Applications** > **Add Application**. Click **Native** and click the **Next** button. Give the app a name you’ll remember (e.g., `React Native`), select `Refresh Token` as a grant type, in addition to the default `Authorization Code`. Copy the **Login redirect URI** (e.g., `com.oktapreview.dev-158606:/callback`) and save it somewhere. You'll need this value when configuring your app.
 >
 > Click **Done** and you'll see a client ID on the next screen. Copy the redirect URI and clientId values into your App Auth config.
+>
+> To end the session, `postLogoutRedirectUrl` has to be one of the **Sign-out redirect URIs** defined in the **General Settings** > **LOGIN** section of the application page previously created.
 
 ```js
 const config = {
@@ -28,4 +30,10 @@ const refreshedState = await refresh(config, {
 await revoke(config, {
   tokenToRevoke: refreshedState.refreshToken
 });
+
+// End session
+await logout(config, {
+  idToken: authState.idToken,
+  postLogoutRedirectUrl: 'com.{yourReversedOktaDomain}:/logout'
+});
 ```