Hi, could someone explain how AuthenticationContext#logout is meant to be used?

I try it like this:
new Button("Sign out", VaadinIcon.SIGN_OUT.create(), e -> authenticationContext.logout());

I see it redirects to http://localhost:5000/login?logout but not as a browser redirect, so I get this error: Invalid JSON Response from server.

I am using Spring Security with OAuth2 (AWS Cognito).

Thank you.

BTW, the “classical” way works:

        SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler();
        logoutHandler.logout(VaadinServletRequest.getCurrent().getHttpServletRequest(), null, null);

I can debug, that Spring SEcurity calls response.sendRedirect(...) but instead, I receive an error message like this in the UI:

AFAIK, it does a post to /logout and Spring Security handles that, redirecting to /login?logout

@secure-leopard I have created a new application from scratch and must confess, that the authenticationContext.logout works there perfectly. :see_no_evil: I will dig into my own configuration…

Found the issue: The default application uses in which configureLogoutis called and here a new UidlRedirectStrategyis set. As I am using OAuth2 login I don’t call setLoginView and therefore the UidlRedirectStrategy is missing. Spring Security then sends a real 302 redirect instead of UI…setLocation.