I’m working on an application that will use Okta for authentication. I used
phx.gen_auth as a starting place and then used this blog post for reference in adding OAuth using the Ueberauth library with the Okta strategy.
Then I added a few more tweaks so that unauthenticated users would be routed directly to the Okta sign-in page instead of going to the generated Log In page.
I have the LiveView protected by the
:require_authenticated_user plug in the router, and I also have an
on_mount hook that uses the
Accounts.get_user_by_session_token(user_token) method to check for an authenticated user and redirects to the login page if there isn’t a user logged in.
Everything is working great with getting the user logged in, but things get a little strange on log out when I have more than one tab open in the same browser, and both tabs are on the page with the protected LiveView.
On the tab where I click “Log out,” I’m redirected back to the home page with the flash message telling my that my log out was successful. In the database, I can see that the session token has been deleted.
In the second tab - the
I think everything is working as it’s meant to work, but as a user - it feels a little uncomfortable. I would prefer to be logged out of all tabs until I take some action to log back in.
Would it make sense to use a JS hook to listen for the
disconnect event and redirect to an unauthenticated page? I think that would happen on a disconnect for any reason, which isn’t quite what I want either - but maybe broadcasting a more specific event that I could listen to from a JS hook?
Or is there another approach that would be better?