How do I delete the id_token recorded in localStorage after logging out?

s-nakamatsu · June 28, 2023, 12:15am

Hello,

I hope this message finds you well. I have been using web3auth in conjunction with Firebase for Google account authentication. The login and logout functionality seems to be working fine. However, upon inspecting the browser’s localStorage after logging out, I noticed that the id_token of the previously logged-in user is still present. This means that personal information such as the user’s name and email address can still be retrieved from the id_token, which I believe is a concern for applications handling sensitive user data.

I have thoroughly checked the web3auth documentation but couldn’t find any information regarding the removal of these user details after logout. Is there a way provided by web3auth to delete this information after a user logs out?

I would greatly appreciate any guidance or insights you can provide on this matter.

Thank you for your time and assistance.

vjgee · June 28, 2023, 1:54am

@s-nakamatsu Thanks for reaching out.

Your request has been forwarded to a team and we will get back with further updates.

shahbaz · June 28, 2023, 3:21am

Greetings @s-nakamatsu,

It appears that you are currently utilizing an outdated version of our SDK. However, I’m pleased to inform you that the latest SDK has already resolved this problem. To resolve this issue, kindly upgrade to v6.1.1.

s-nakamatsu · June 28, 2023, 4:51am

Thank you for your response.
As you said, the version of the SDK we are using seems to be out of date.

I will update to the latest version and check.

s-nakamatsu · June 29, 2023, 11:18pm

@shahbaz
Thanks for the reply.

I upgraded my Web3Auth version to 6.1.1 and tried it.

As a result, the only thing that changed was the location where it was stored from the last time.
I was able to retrieve the personal information of the person who logged in last time after logging out.

Also, parsing the oAuthIdToken in the openlogin_store, I was able to get the email address, name, etc. of the Google account.

archit · July 1, 2023, 4:27pm

Hi @s-nakamatsu, I think it’s the already saved information in browser storage. Please try to clear the storage once and then login back.

For reference, pls check out the sample app at https://demo-app.web3auth.io

Thanks

s-nakamatsu · July 31, 2023, 1:54am

Sorry for the delay in confirming.

I confirmed that the contents of openlogin_store in local storage is {"sessionId":""} after logout.

Thank you very much for your response!

system · September 29, 2023, 1:55am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.