XpansionChain
  • Overview of XpansionChain
    • What is it?
    • What are its layer 2 solutions?
    • What can you build on it ?
    • Fees
  • Launch a collection
    • Overview
    • Smart contract requirements for minting on layer 2
    • 1. Register as a user
    • 2. Register a project
    • 3. Register a collection
    • 4. Register collection metadata schema
  • Guides
    • Overview
    • Basic guides
      • Install and initialize
      • Get data
        • Projects
        • Collections
        • Assets
        • Orders
        • Transfers​
        • Tokens
        • Trades
        • Users
      • Generate signers
      • Register users
      • Creating orders
      • Creating trades
      • Mint assets
      • Asset transfers
      • Asset deposits and withdrawals
      • Crypto on and off-ramps
  • Advanced guides
    • Burn assets
    • Refresh asset metadata
    • Withdraw payouts
    • Maker taker fees
    • NFT primary sale card checkout
      • Set up required endpoints
      • Implement primary sale card checkout feature
    • Design guides
    • JS SDK
      • Overview
      • Install and configure
      • Account management
      • Personal inventory
      • Marketplaces
      • Collection sample
      • Minting with royalties
      • NodeJS 16.x migration
    • Link SDK
      • Overview
      • Link.setup
      • Link.transfer
      • Link.batchNftTransfer
      • Link iFrame Support
      • Link.buy
      • Link.prepareWithdrawal
      • Link.completeWithdrawal
      • Link.sell and ERC20 support
      • Link.deposit
      • Link.sign
      • Link.onramp
      • Link.offramp
      • Link Easy Login
      • Link Errors
      • Link.nftCheckoutPrimary
      • Link Events
      • Offers
        • Link.makeOffer
        • Link.cancelOffer
        • Link.acceptOffer
    • Quickstart tutorials
      • NFT minting tutorial
  • Products
    • Passport
      • Install and configure
        • Register your application
        • Install and initialise
        • Enable user login
        • Log out a user
      • Enable user identity
        • Get user information
        • Get and validate JWTs
      • Enable user wallet interactions
        • IMX Provider
        • Choose the right integration
        • Transaction confirmations
        • Guides
          • Transfer
  • SDKs
    • XpansionChain SDK - Typescript
    • Unity SDK
    • CORE SDK
      • Typescript
      • Golang
      • C#
      • Kotlin
      • Swift
    • Wallet SDK
      • WEB
      • Android
      • iOS
  • Key concepts
    • Anatomy of a smart contract
    • Deep dive into minting
    • Deep dive into metadata
    • Deep dive into royalties
    • Deep dive into deposits and withdrawals
    • Deep dive into API concepts
  • Troubleshooting
    • API
      • error codes
      • hangelog
      • rate limits
    • FAQ
    • Webpack 5 errors
    • Token data object
  • Resources
Powered by GitBook
On this page
  • Log out a user
  • How to logout a user?​
  • Next steps​
  1. Products
  2. Passport
  3. Install and configure

Log out a user

PreviousEnable user loginNextEnable user identity

Last updated 1 year ago

Log out a user

This page instructs you how to log users out of Passport and your application.

Pre-requisites

  • The user must be logged into your application via Passport

How to logout a user?

When a user authenticates through Passport, there are two "sessions" you need to account for. The Passport session layer maintains a session between the user and Passport in auth.XpansionChain.com, and the application session layer maintains a session between the user and your application through JWTs.

In order to log out a user from your application and Passport, you can use the logout function on the Passport instance.

Depending on the logout mode you specify, the user will be redirected to the Passport auth domain or silently logged out within your application. You can specify the logout mode when you initialize the Passport instance by setting the logoutMode to either 'redirect' or 'silent'.

// 1. Initialise Passport and set the preferred logout mode
const passport = new Passport({
  logoutRedirectUri: 'http://localhost:3000',
  logoutMode: 'redirect', // defaults to 'redirect' if not set
  // ...
});

// 2. authenticate user
// ... refer to the "Enable user login" page for more information

// 3. Log the user out
await passport.logout();

The simplest approach is to use the 'redirect' logout mode, which works as follows:

  1. The application session is cleared by removing the JWT from the browser's local storage

  2. The user is redirected to the Passport auth domain, where the Passport session is cleared

  3. The user is redirected back to the specified logoutRedirectUri

Alternatively, you can use the 'silent' logout mode which is less intrusive and does not require a top-level redirect. However, in order to use this mode, you must set up a callback URL that invokes the logoutSilentCallback function:

// Assume your application is hosted in http://localhost:3000
// 1. Initialise Passport and set the preferred logout mode
const pasport = new Passport({
  logoutRedirectUri: 'http://localhost:3000/silent-logout',
  logoutMode: 'silent',
  // ...
});

// 2. authenticate user
// ... refer to the "Enable user login" page for more information

// 3. Log the user out
await passport.logout();

// 4. Route handler for /silent-logout
await passport.logoutSilentCallback('http://localhost:3000');

The logoutSilentCallback function accepts a single parameter, which is the URL of the page that initiated the logout. In other words, if you initiate the logout from http://localhost:3000, then you should pass http://localhost:3000.

The 'silent' logout mode works as follows:

  1. The application session is cleared by removing the JWT from the browser's local storage

  2. A hidden iframe is created with the XpansionChain auth domain's logout URL where the Passport session is cleared

  3. The iframe is redirected to the specified logoutRedirectUri

  4. Your application handles the logoutRedirectUri request and invokes the logoutSilentCallback function. This causes the iframe to emit an event to the parent window which completes the logout flow.

  5. The hidden iframe is removed

Now that you've integrated Passport into your application & set up the login flow, you are ready to integrate more of the Passport functionality. Learn more about how authentication works in Passport in the Identity guide.

Logout modes

Redirect mode

Silent mode

Next steps

​
​
​
​
​
​