Implement Password Grant Flow for Authentication and Enhance User Experience
- Introduced Password Grant Flow for user authentication, allowing direct login with email and password. - Updated `useAuth` composable to manage login and logout processes, including Single Sign-Out from Cidaas. - Enhanced user interface with a new `UserMenu` component displaying user information and logout functionality. - Updated homepage to show personalized greetings for logged-in users and a login prompt for guests. - Added logout confirmation page with a countdown redirect to the homepage. - Documented the implementation details and future enhancements for OAuth2 flows in CLAUDE.md and other relevant documentation. - Added test credentials and guidelines for automated testing in the new TESTING.md file.
This commit is contained in:
Bastian Masanek
@@ -3,7 +3,7 @@
|
||||
/**
|
||||
* POST /api/auth/logout
|
||||
*
|
||||
* End user session and clear session cookie
|
||||
* End user session and perform Single Sign-Out at Cidaas
|
||||
*
|
||||
* Response:
|
||||
* {
|
||||
@@ -12,13 +12,34 @@
|
||||
*/
|
||||
|
||||
export default defineEventHandler(async (event) => {
|
||||
// Clear session (nuxt-auth-utils)
|
||||
await clearUserSession(event)
|
||||
try {
|
||||
// 1. Get session to retrieve access token
|
||||
const session = await getUserSession(event)
|
||||
|
||||
// Optional: Revoke Cidaas tokens (Single Sign-Out)
|
||||
// This would require storing refresh_token in session and calling Cidaas revoke endpoint
|
||||
// 2. If access token exists, logout from Cidaas (Single Sign-Out)
|
||||
if (session.accessToken) {
|
||||
try {
|
||||
await logoutFromCidaas(session.accessToken)
|
||||
} catch (error) {
|
||||
// Log error but continue with local logout
|
||||
console.error('Cidaas logout failed, continuing with local logout:', error)
|
||||
}
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
// 3. Clear local session (nuxt-auth-utils)
|
||||
await clearUserSession(event)
|
||||
|
||||
return {
|
||||
success: true,
|
||||
}
|
||||
} catch (error) {
|
||||
console.error('Logout error:', error)
|
||||
|
||||
// Clear session even if Cidaas logout fails
|
||||
await clearUserSession(event)
|
||||
|
||||
return {
|
||||
success: true, // Always return success for logout
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
Reference in New Issue
Block a user