I have managed to use this package here to authorize login for my users. However, I am having trouble designing a logout system.
So far, what I’ve done is code up the following method in the class defined here. It essentially calls the revoke endpoint documented here. The revoke endpoint returns a 200 response.
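```python
from flask import render_template, session
from requests.auth import HTTPBasicAuth

# `cognito` is the package's OAuth session proxy, imported in the class's module.


def logout_request(self):
    if self.is_authorized():
        client_id = self.cognito_bp.client_id
        client_secret = self.cognito_bp.client_secret
        token = session.get("cognito_oauth_token")["refresh_token"]
        # Send the token in the form-encoded body (data=), not the query
        # string (params=), so it matches the declared Content-Type and the
        # refresh token stays out of URLs and access logs.
        resp = cognito.post(
            "/oauth2/revoke",
            data={"token": token},
            headers={"Content-Type": "application/x-www-form-urlencoded"},
            auth=HTTPBasicAuth(client_id, client_secret),
        )
        assert resp.ok, resp.text
        # Drop the token held by the blueprint and the local Flask session.
        del self.cognito_bp.token
        session.clear()
        return render_template("logout.html")
    else:
        return self.login_request()
```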
Then, in the application.py folder, I have a Flask route defined:
```python
@application.route("/logout", methods=["GET", "POST"])
def logout_user():
    return auth.logout_request()
```
However, for some reason, the system still keeps me logged in. I feel like I need to delete a cookie server side. Any ideas on how to accomplish this? Jumping ahead, how would I be able to design a multi-page concept given that I have written an explicit server route for the “logout” endpoint?
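An added example, not part of the original post or of the package it uses: the Cognito hosted UI keeps its own session cookie on the Cognito domain, which revoking the refresh token and clearing the Flask session do not touch, so the browser has to be redirected to the hosted UI's `/logout` endpoint. The domain, client ID, sign-out URL and function names below are constructed placeholders, and the sign-out URL is assumed to be registered on the app client.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit

# Constructed placeholder values, not taken from the post.
COGNITO_DOMAIN = "example-pool.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
# Must mirror the sign-out URLs registered on the Cognito app client.
ALLOWED_SIGNOUT_URLS = frozenset({"https://app.example.com/logged-out"})


def hosted_ui_logout_url(domain, client_id, logout_uri,
                         allowed=ALLOWED_SIGNOUT_URLS):
    """Build the hosted UI /logout URL for a browser redirect.

    Revoking the refresh token and clearing the Flask session removes only
    the app's own state. The hosted UI keeps a separate session cookie on the
    Cognito domain, so the next authorize redirect signs the user in again
    without a prompt until the browser visits /logout there.
    """
    # Exact-match allow-list: never redirect to a caller-supplied URL.
    if logout_uri not in allowed:
        raise ValueError("logout_uri is not a registered sign-out URL")
    parts = urlsplit(logout_uri)
    if parts.scheme != "https" and parts.hostname != "localhost":
        raise ValueError("sign-out URL must use https outside localhost")
    query = urlencode({"client_id": client_id, "logout_uri": logout_uri})
    return urlunsplit(("https", domain, "/logout", query, ""))


def end_session(session, logout_uri):
    """Drop local state, then return the URL the route should redirect to.

    `session` is any dict-like object, such as flask.session.
    """
    session.clear()  # removes cognito_oauth_token and everything else
    return hosted_ui_logout_url(COGNITO_DOMAIN, CLIENT_ID, logout_uri)
```

In the Flask route, the final step would be `return redirect(end_session(session, ...))` after the revoke call, in place of rendering `logout.html` directly; the page at the sign-out URL can then show the logged-out message.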