Skip to content

Prevent OD api calls during SSO sign out #83440

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
AndrewGable merged 3 commits into from
Mar 18, 2026
Merged

Prevent OD api calls during SSO sign out #83440

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4ab3e69
Prevent OD api calls during SSO sign out
jnowakow Feb 25, 2026
45d427b
Fix linter
jnowakow Feb 25, 2026
3c26530
Fix prettier
jnowakow Feb 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions ...brid-app/android/src/main/java/com/expensify/reactnativehybridapp/ReactNativeHybridApp.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,4 +70,12 @@ class ReactNativeHybridApp(reactContext: ReactApplicationContext) :
override fun clearOldDotAfterSignOut() {
Log.d(NAME, "`clearOldDotAfterSignOut` should never be called in standalone `New Expensify` app")
}

override fun startSignOut(){
Log.d(NAME, "`startSignOut` should never be called in standalone `New Expensify` app")
}

override fun cancelSignOut(){
Log.d(NAME, "`cancelSignOut` should never be called in standalone `New Expensify` app")
}
}
8 changes: 8 additions & 0 deletions modules/hybrid-app/ios/ReactNativeHybridApp.mm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,14 @@ - (void)signOutFromOldDot {
NSLog(@"[ReactNativeHybridApp] `signOutFromOldDot` should never be called in standalone `New Expensify` app");
}

- (void)startSignOut {
NSLog(@"[ReactNativeHybridApp] `startSignOut` should never be called in standalone `New Expensify` app");
}

- (void)cancelSignOut {
NSLog(@"[ReactNativeHybridApp] `cancelSignOut` should never be called in standalone `New Expensify` app");
}

- (void)clearOldDotAfterSignOut {
NSLog(@"[ReactNativeHybridApp] `clearOldDotAfterSignOut` should never be called in standalone `New Expensify` app");
}
Expand Down
2 changes: 2 additions & 0 deletions modules/hybrid-app/src/NativeReactNativeHybridApp.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ export interface Spec extends TurboModule {
onURLListenerAdded: () => void;
signInToOldDot: (autoGeneratedLogin: string, autoGeneratedPassword: string, authToken: string, email: string, policyID: string, signingInWithSAML?: boolean) => void;
signOutFromOldDot: () => void;
startSignOut: () => void;
cancelSignOut: () => void;
clearOldDotAfterSignOut: () => void;
}

Expand Down
6 changes: 6 additions & 0 deletions modules/hybrid-app/src/index.native.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,12 @@ const HybridAppModule: HybridAppModuleType = {
signOutFromOldDot() {
ReactNativeHybridApp.signOutFromOldDot();
},
startSignOut() {
ReactNativeHybridApp.startSignOut();
},
cancelSignOut() {
ReactNativeHybridApp.cancelSignOut();
},
clearOldDotAfterSignOut() {
ReactNativeHybridApp.clearOldDotAfterSignOut();
},
Expand Down
8 changes: 8 additions & 0 deletions modules/hybrid-app/src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,14 @@ const HybridAppModule: HybridAppModuleType = {
// eslint-disable-next-line no-console
console.warn('HybridAppModule: `signOutFromOldDot` should never be called on web');
},
startSignOut() {
// eslint-disable-next-line no-console
console.warn('HybridAppModule: `startSignOut` should never be called on web');
},
cancelSignOut() {
// eslint-disable-next-line no-console
console.warn('HybridAppModule: `cancelSignOut` should never be called on web');
},
clearOldDotAfterSignOut() {
// eslint-disable-next-line no-console
console.warn('HybridAppModule: `clearOldDotAfterSignOut` should never be called on web');
Expand Down
2 changes: 2 additions & 0 deletions modules/hybrid-app/src/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ type HybridAppModuleType = {
onURLListenerAdded: () => void;
signInToOldDot: (args: {autoGeneratedLogin: string; autoGeneratedPassword: string; authToken: string; email: string; policyID: string; signingInWithSAML?: boolean}) => void;
signOutFromOldDot: () => void;
startSignOut: () => void;
cancelSignOut: () => void;
clearOldDotAfterSignOut: () => void;
};

Expand Down
7 changes: 7 additions & 0 deletions src/libs/actions/Session/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@
let isHybridAppSetupFinished = false;
let hasSwitchedAccountInHybridMode = false;

Onyx.connect({

Check warning on line 82 in src/libs/actions/Session/index.ts

View workflow job for this annotation

GitHub Actions / Changed files ESLint check 

Onyx.connect() is deprecated. Use useOnyx() hook instead and pass the data as parameters to a pure function
key: ONYXKEYS.SESSION,
callback: (value) => {
session = value ?? {};
Expand All @@ -104,25 +104,25 @@
});

let stashedSession: Session = {};
Onyx.connect({

Check warning on line 107 in src/libs/actions/Session/index.ts

View workflow job for this annotation

GitHub Actions / Changed files ESLint check 

Onyx.connect() is deprecated. Use useOnyx() hook instead and pass the data as parameters to a pure function
key: ONYXKEYS.STASHED_SESSION,
callback: (value) => (stashedSession = value ?? {}),
});

let credentials: Credentials = {};
Onyx.connect({

Check warning on line 113 in src/libs/actions/Session/index.ts

View workflow job for this annotation

GitHub Actions / Changed files ESLint check 

Onyx.connect() is deprecated. Use useOnyx() hook instead and pass the data as parameters to a pure function
key: ONYXKEYS.CREDENTIALS,
callback: (value) => (credentials = value ?? {}),
});

let stashedCredentials: Credentials = {};
Onyx.connect({

Check warning on line 119 in src/libs/actions/Session/index.ts

View workflow job for this annotation

GitHub Actions / Changed files ESLint check 

Onyx.connect() is deprecated. Use useOnyx() hook instead and pass the data as parameters to a pure function
key: ONYXKEYS.STASHED_CREDENTIALS,
callback: (value) => (stashedCredentials = value ?? {}),
});

let activePolicyID: OnyxEntry<string>;
Onyx.connect({

Check warning on line 125 in src/libs/actions/Session/index.ts

View workflow job for this annotation

GitHub Actions / Changed files ESLint check 

Onyx.connect() is deprecated. Use useOnyx() hook instead and pass the data as parameters to a pure function
key: ONYXKEYS.NVP_ACTIVE_POLICY_ID,
callback: (newActivePolicyID) => {
activePolicyID = newActivePolicyID;
Expand Down Expand Up @@ -265,6 +265,9 @@
})
.then((result) => {
if (result && result.type !== 'success') {
if (CONFIG.IS_HYBRID_APP) {
HybridAppModule.cancelSignOut();
}
return Promise.reject(Error('Logout cancelled'));
}
// We always want to sign out the user from the app
Expand Down Expand Up @@ -339,6 +342,10 @@
const isSupportal = isSupportAuthToken();
const shouldRestoreStashedSession = isSupportal || shouldForceUseStashedSession;

if (CONFIG.IS_HYBRID_APP && shouldSignOutFromOldDot) {
HybridAppModule.startSignOut();
}

// We'll only call signOut if we're not stashing the session and not restoring a stashed session,
// otherwise we'll call the API to invalidate the autogenerated credentials used for infinite
// session.
Expand Down
Loading