Oauth2 Authorization Code flow, can't log in after log out #5172

Open
MykytaKryvenko opened this issue Feb 12, 2019 · 6 comments

MykytaKryvenko commented Feb 12, 2019

Q&A (please complete the following information)

  • OS: macOS
  • Browser: chrome, safari
  • Version: chrome 71.0, safari 11.1.2
  • Method of installation: dist assets
  • Swagger-UI version: 3.18.3
  • Swagger/OpenAPI version: OpenAPI 3.0

Describe the bug you're encountering

It seems that the log out functionality does not flush the authorization code received after a successful OAuth2 log in. When you log out and log in again, the token request is sent again with the same code, not with a new one.

To reproduce...

  1. Authorize with Oauth2 Authorization Code flow
  2. Press Log Out
  3. Try to authorize again

Expected behavior

You can successfully log out and authorize again with Authorization Code flow

cgenin7 commented Feb 27, 2019

I'm having the same issue. Also, if I reload the page after logging in, it shows as not logged in.

shockey (Contributor) commented Apr 5, 2019

Yeah, seems like we should be flushing the data between logins.

> if I reload the page after logging in, it shows as not logged in

@cgenin7 this is expected behavior, we don't store auth information between refreshes. Feel free to write a plugin that achieves this, Swagger Editor's local-storage is a good example of how to persist things in localStorage 😄

shockey (Contributor) commented Apr 12, 2019

also see: #4904 and #4851.

shockey (Contributor) commented May 16, 2019

#5316 might solve this, cc @leggsimon

beatach commented Feb 4, 2021

I am having the same issue. Looks like #5316 solves it for api_key authorization, but not for OAuth2.

@ecampoBilbomatica

When logging out using authorization code with PKCE it keeps returning invalid_grant (seems to not be clearing the authorization code). Only working if closing the popup. Detailed in #6959.
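
The failure mode discussed in this thread, as an added example (not Swagger UI code and not written by any commenter): a toy authorization server that treats authorization codes as single-use, as RFC 6749 section 4.1.2 requires, and a toy client that either keeps or flushes the code on logout. All class and function names are hypothetical, and the counter-based codes and tokens are constructed stand-ins for the unguessable random values a real server issues.

```javascript
// Toy authorization server: each code can be redeemed exactly once.
class ToyAuthServer {
  constructor() {
    this.codes = new Map(); // code -> { used: boolean }
    this.counter = 0;
  }

  issueCode() {
    const code = `code-${++this.counter}`; // constructed value, see lead-in
    this.codes.set(code, { used: false });
    return code;
  }

  // Token endpoint: unknown or already-redeemed codes get invalid_grant.
  token(code) {
    const entry = this.codes.get(code);
    if (!entry || entry.used) return { error: "invalid_grant" };
    entry.used = true;
    return { access_token: `token-${++this.counter}` };
  }
}

// Toy client. flushOnLogout=false models the behaviour reported in this thread:
// the code from the first login survives logout and is sent again.
class ToyClient {
  constructor(server, flushOnLogout) {
    this.server = server;
    this.flushOnLogout = flushOnLogout;
    this.auth = {}; // { code, token }
  }

  login() {
    // A fresh code is requested only when none is cached.
    if (!this.auth.code) this.auth.code = this.server.issueCode();
    const res = this.server.token(this.auth.code);
    this.auth.token = res.access_token;
    return res;
  }

  logout() {
    // Dropping the token alone is not enough: the spent code must go too.
    this.auth = this.flushOnLogout ? {} : { code: this.auth.code };
  }
}

// Runs login, logout, login and returns both token responses.
function loginLogoutLogin(flushOnLogout) {
  const client = new ToyClient(new ToyAuthServer(), flushOnLogout);
  const first = client.login();
  client.logout();
  return { first, second: client.login() };
}
```

`loginLogoutLogin(false)` reproduces the `invalid_grant` on the second login; `loginLogoutLogin(true)` gets a new code and a new token.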
