Skip to main content

I'm not sure how to start, but we have a node app that was built off the example oauth app from the dev guide. It's been built out to basically monitor the presence status of an extension, updating every 5 seconds. Multiple users should be able to login and their sessions are being stored using express-session and MySQL store.


It seemed to work fine but when testing with multiple users, if one user hits the /logout endpoint, then the other user(s) get logged out as well. I have no idea where to start with this or what could be causing it. Shouldn't each user have their own session tokens, I can see the sessions in the MySQL sessions table and it appears to create a new session for each login, but for some reason the tokens are revoked for all users when only one user hits logout.


I'm using this code for the /logout endpoint taken from the dev guide:


app.get("/logout", async function (req, res) {
if (req.session.tokens != undefined) {
const platform = rcsdk.platform();
platform.auth().setData(req.session.tokens);
if (platform.loggedIn()) {
try {
const resp = await platform.logout();
console.log("logged out");
} catch (e) {
console.log(`/logout error:`, e.message);
}
}
req.session.tokens = null;
}
res.redirect("/");
});

Please let me know if any more information is needed, I'm trying to figure it out and tweak things but I honestly have no idea if it's because platform.logout() will revoke all the tokens (which I think it shouldn't since each login has their own token pairs).

The app is pretty simple but it has this issue which pretty much makes it useless since all users have to relogin when one logs out.

The dev guide I followed to get the skeleton of the app:

https://developers.ringcentral.com/guide/authentication/quick-start

I notice now that the sample code has some mistakes. You can fix it on your code by adding the 'await' keyword to the async function calls.

const platform = rcsdk.platform();
await platform.auth().setData(req.session.tokens);
if (await platform.loggedIn()) {
try {
const resp = await platform.logout();
console.log("logged out");
} catch (e) {
console.log(`/logout error:`, e.message);
}
}

For supporting multiple users read this section to set the SDK configurations.


I'm not sure I'm understanding the linked GH readme. Do I need to create an instance of the rcsdk for EACH user that will login? There's going to be 60 or so users that will be logging into this app. Shouldn't it handle multiple users and have their session data separate? Or do I have to instantiate 60 different rcsdk instances for each user that logs in?

In a node.js app this seems really weird. Maybe I'm just not clear on what the documentation is trying to convey.



Reply