Logging out from the iOS SDK doesn't work because it remembers your account - the browser window doesn't bring up the username/password login screen but takes you straight to authentication.
I checked the SDK and it hasn't been updated recently and the sample app exhibits the same behaviour. After I login once and then use the logout button, it later bypasses the login screen.
Sorry, I have a feeling this has been mentioned before but was not able to find a thread.
2 replies to this topic
#2
Richard Haven
-
-
- Title: Member
- Group: Members
- 48 posts
Posted 29 June 2012 - 10:46 PM
It might be that the browser "remembers" the session, and EN is just responding to a valid access token.
OAuth 2 has the concept of refresh tokens: the access token is short-lived (i.e. one session). A long-lived refresh token (returned with or instead of an access token) exchanges for another short-lived access token.
Instead of revoking the access token, the service would revoke the refresh token. The difference is subtle, but it makes high-jacking an access token a bit less useful.
Logging out could invalidate the access token. The application could then choose to try and exchange its refresh token or just send the user to the login page. One would not have to choose between invalidating all future auto-login behavior just to explicitly end the current session.
Cheers
OAuth 2 has the concept of refresh tokens: the access token is short-lived (i.e. one session). A long-lived refresh token (returned with or instead of an access token) exchanges for another short-lived access token.
Instead of revoking the access token, the service would revoke the refresh token. The difference is subtle, but it makes high-jacking an access token a bit less useful.
Logging out could invalidate the access token. The application could then choose to try and exchange its refresh token or just send the user to the login page. One would not have to choose between invalidating all future auto-login behavior just to explicitly end the current session.
Cheers
#3
AndyDent
-
-
- Title: Bushwhacker
- Group: Members
- 134 posts
Posted 30 June 2012 - 10:51 AM
Yes I'm sure the browser is remembering the session. Hopefully because it is a UIWebView control launched within the SDK either I can work out later how to fix it or the Evernote staffer responsible for that SDK will do so. It may also be a server-side problem so I've opened a ticket on the issue.
It's one of those things which is a bit arguable - it's nice to have passwords and logins cached but only so they fill in saving me typing them. Entirely bypassing the page without the opportunity to overtype the saved login is obnoxious.
I just tested a rival iOS app that's been submitted for the competition and it has exactly the same problem as I'm experiencing so have dropped my personal priority on this problem a couple of notches.
It's one of those things which is a bit arguable - it's nice to have passwords and logins cached but only so they fill in saving me typing them. Entirely bypassing the page without the opportunity to overtype the saved login is obnoxious.
I just tested a rival iOS app that's been submitted for the competition and it has exactly the same problem as I'm experiencing so have dropped my personal priority on this problem a couple of notches.
Also tagged with one or more of these keywords: ios, authentication
Other
Evernote Products →
Evernote →
RemindersStarted by gbarry, Today, 04:44 PM  evernote, web, mac, ios
|
|
|
||
iOS
Evernote Products →
Evernote →
Create and Organize StacksStarted by Bradley Chambers, Today, 02:42 PM evernote
|
|
|
||
iOS
Evernote Products →
Skitch →
Bug Report + Need to be able to obtain Direct Image URLStarted by Lew, Today, 01:22 PM skitch
|
|
|
||
iOS
Evernote Products →
Evernote →
Writing on iphone?Started by GodAtum, Today, 12:08 PM evernote
|
|
|
||
iOS
Evernote Products →
Evernote →
how to creat imagenote in iosStarted by tangital, Today, 04:33 AM evernote
|
|
|
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
