[WIP] Integrate OAuth2/OIDC logout on bookmark deletion #1478

Draft: wants to merge 4 commits into base: master

michaelstingl (Contributor) commented Jul 8, 2025

Description

This PR integrates OAuth2/OIDC logout functionality into the bookmark deletion flow. When users delete a bookmark (or "log out" in branded builds), the app now properly logs out from the identity provider before removing local data.

Changes

  • Modified OCBookmarkManager+Management.swift to call deauthenticateConnection during bookmark deletion
  • Logout happens asynchronously before vault erasure
  • Refactored vault erasure logic into separate method performVaultErasure
  • Deletion proceeds even if logout fails (user-friendly approach)

Related Issue

Currently no issue exists for this feature. This addresses the inconsistency where iOS app users remained logged in at the IdP level after removing bookmarks.

Motivation and Context

Users expect that removing an account from the app also logs them out from the server. The current behavior only removes local data, leaving active sessions on the identity provider. This PR brings the iOS app in line with the web client's logout behavior.

How Has This Been Tested?

  • Tested bookmark deletion with ownCloud 10 (OAuth2)
  • Tested bookmark deletion with oCIS (OIDC)
  • Tested deletion when offline (should still succeed)
  • Verified no sessions remain at IdP after deletion
  • Tested with external OIDC providers (Keycloak, etc.)

Screenshots (if appropriate):

N/A - Uses existing deletion UI

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • Added an issue with details about all relevant changes in the iOS documentation repository.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • Added changelog files for the fixed issues in folder changelog/unreleased
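
The ordering in the Changes list above (logout attempt first, vault erasure afterwards, erasure regardless of the logout result), as an added Swift sketch that is not code from this PR or from the ownCloud SDK. `LogoutOutcome`, `boundedLogout`, `deleteBookmark`, the two closures, and the timeout are assumptions for illustration; the PR's own entry points are `deauthenticateConnection` and `performVaultErasure`.

```swift
import Foundation

// Hypothetical types for illustration; not the ownCloud SDK API.
enum LogoutOutcome: Equatable {
    case revoked          // IdP confirmed the logout / token revocation
    case failed(String)   // IdP unreachable or returned an error
    case timedOut         // no answer within the deadline
}

struct TimeoutError: Error {}

/// Runs `logout`, but gives up after `seconds` (assumed deadline, not in the PR).
/// The bound only holds if `logout` honours task cancellation, as URLSession's async API does.
func boundedLogout(seconds: Double,
                   logout: @escaping @Sendable () async throws -> Void) async -> LogoutOutcome {
    do {
        try await withThrowingTaskGroup(of: Void.self) { group in
            group.addTask { try await logout() }
            group.addTask {
                try await Task.sleep(nanoseconds: UInt64(seconds * 1_000_000_000))
                throw TimeoutError()
            }
            defer { group.cancelAll() }   // stop whichever child is still running
            _ = try await group.next()    // first child to finish decides the result
        }
        return .revoked
    } catch is TimeoutError {
        return .timedOut
    } catch {
        return .failed(String(describing: error))
    }
}

/// Logout first, then erase; local erasure never depends on the IdP answering.
func deleteBookmark(logout: @escaping @Sendable () async throws -> Void,
                    eraseVault: () throws -> Void,
                    timeout: Double = 10) async throws -> LogoutOutcome {
    let outcome = await boundedLogout(seconds: timeout, logout: logout)
    if outcome != .revoked {
        // Tokens may stay valid server-side until they expire; record that fact.
        print("IdP logout not confirmed: \(outcome)")
    }
    try eraseVault()
    return outcome
}
```

Returning the outcome lets the caller log or show that a session may still be active at the IdP when the logout was not confirmed.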

michaelstingl and others added 4 commits July 8, 2025 22:12
- Call deauthenticateConnection before erasing vault when deleting bookmarks
- Ensures proper logout at IdP level (token revocation/OIDC end session)
- Maintains user-friendly behavior: deletion proceeds even if logout fails
- Update SDK submodule to include logout support

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>