Skip to content

[auth] logout changes#3555

Open
byronkarlen wants to merge 2 commits intomainfrom
byron/logout-with-www
Open

[auth] logout changes#3555
byronkarlen wants to merge 2 commits intomainfrom
byron/logout-with-www

Conversation

@byronkarlen
Copy link
Copy Markdown
Contributor

@byronkarlen byronkarlen commented Mar 27, 2026
edited
Loading

Why

Instead of waiting for sessions to expire server-side, logout should immediately invalidate the session. Users often have too many sessions at once, most of them unused.

Sessions used to be shared with the website, but are now separate with internal OAuth flow (#3542), so logging out from CLI won't affect website session. This would affect existing cli sessions though.

How

Hit /v2/auth/logout endpoint on eas logout. If it fails, just remove credential locally (existing behavior) and credential will soon expire.

Test Plan

Verified logout API call deleted session server-side. Website session remained. Also ran added unit tests.

@byronkarlen byronkarlen added the no changelog PR that doesn't require a changelog entry label Mar 27, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 27, 2026

Subscribed to pull request

File Patterns Mentions
**/* @douglowder

Generated by CodeMention

@byronkarlen byronkarlen force-pushed the byron/logout-with-www branch from ed9bb82 to 3bde8bb Compare March 27, 2026 18:54
@byronkarlen byronkarlen requested review from ide and tchayen March 27, 2026 18:55
@codecov
Copy link
Copy Markdown

codecov bot commented Mar 27, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.80%. Comparing base (113467c) to head (eccb4de).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3555      +/-   ##
==========================================
- Coverage   53.85%   53.80%   -0.04%     
==========================================
  Files         819      820       +1     
  Lines       34889    34984      +95     
  Branches     7268     7218      -50     
==========================================
+ Hits        18786    18821      +35     
- Misses      16012    16072      +60     
  Partials       91       91

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

ide
ide requested changes Mar 28, 2026
View reviewed changes
packages/eas-cli/src/user/SessionManager.ts
try {
await apiV2Client.postAsync('auth/logout', { body: {} });
} catch {
// Best-effort: clear the local session even if the server request fails
Copy link
Copy Markdown
Member

@ide ide Mar 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would be good to print the error to the debug log. This way most users don't see it but we also don't suppress the error when debugging.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 30, 2026

⏩ The changelog entry check has been skipped since the "no changelog" label is present.

@byronkarlen byronkarlen requested a review from ide March 30, 2026 00:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ide ide ide approved these changes

@tchayen tchayen Awaiting requested review from tchayen

Assignees

No one assigned

Labels

no changelog PR that doesn't require a changelog entry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@byronkarlen @ide