On step 2. halcyon should logout @one@domain.tld from mastodon (and clear cookie or something ?)
Hi,
I really appreciate using Halcyon but as I often switch from 3 accounts I noticed it doesn't logout from mastodon.
How to reproduce :
0. logout from halcyon AND mastodon interface
1. login from halcyon with @one@domain.tld
2. logout from halcyon with @one@domain.tld
3. login from halcyon with @two@domain.tld
4. You are still logged with account @one@domain.tld
Expected :
On step 2. halcyon should logout @one@domain.tld from mastodon (and clear cookie or something ?)
That's basically how OAuth works.
Halcyon doesn't get your session cookie from Mastodon but only an access token.
In Mastodon you stay logged in when logging out from Halcyon and in Halcyon you stay logged in when logging out from Mastodon.
That's because there are two completely different sessions as if you would sign in on different devices.
All other clients do it the same way so there's no bug I can fix here.
That's basically how OAuth works.
Halcyon doesn't get your session cookie from Mastodon but only an access token.
In Mastodon you stay logged in when logging out from Halcyon and in Halcyon you stay logged in when logging out from Mastodon.
That's because there are two completely different sessions as if you would sign in on different devices.
All other clients do it the same way so there's no bug I can fix here.
Logout from halcyon should not and does not logout from Mastodon.
Though, when I login the second time on halcyon it should request another OAuth token for the second account, in halcyon.
But actually, I think halcyon just uses the previous OAuth token, from the previous session.
I think it's just halcyon related here. Maybe my first issue wasn't clear :)
Ho ok I understand, that's OAuth.
Logout from halcyon should not and does not logout from Mastodon.
Though, when I login the second time on halcyon it should request another OAuth token for the second account, in halcyon.
But actually, I think halcyon just uses the previous OAuth token, from the previous session.
I think it's just halcyon related here. Maybe my first issue wasn't clear :)
Halcyon uses the same App ID and App Secret for all users of the same Mastodon instance.
If you were logged in in the past,your Mastodon instance saves that the access was granted and automatically grants all future OAuth requests for the same instance.
You need to logout at Mastodon,then you will see a login page where you can select your account.
Halcyon uses the same App ID and App Secret for all users of the same Mastodon instance.
If you were logged in in the past,your Mastodon instance saves that the access was granted and automatically grants all future OAuth requests for the same instance.
You need to logout at Mastodon,then you will see a login page where you can select your account.
Hi,
I really appreciate using Halcyon but as I often switch from 3 accounts I noticed it doesn't logout from mastodon.
How to reproduce :
Expected :
On step 2. halcyon should logout @one@domain.tld from mastodon (and clear cookie or something ?)
That's basically how OAuth works. Halcyon doesn't get your session cookie from Mastodon but only an access token. In Mastodon you stay logged in when logging out from Halcyon and in Halcyon you stay logged in when logging out from Mastodon. That's because there are two completely different sessions as if you would sign in on different devices. All other clients do it the same way so there's no bug I can fix here.
Ho ok I understand, that's OAuth.
Logout from halcyon should not and does not logout from Mastodon.
Though, when I login the second time on halcyon it should request another OAuth token for the second account, in halcyon.
But actually, I think halcyon just uses the previous OAuth token, from the previous session.
I think it's just halcyon related here. Maybe my first issue wasn't clear :)
Halcyon uses the same App ID and App Secret for all users of the same Mastodon instance. If you were logged in in the past,your Mastodon instance saves that the access was granted and automatically grants all future OAuth requests for the same instance. You need to logout at Mastodon,then you will see a login page where you can select your account.