diff --git a/src/main/java/ch/ethz/seb/sebserver/gui/InstitutionalAuthenticationEntryPoint.java b/src/main/java/ch/ethz/seb/sebserver/gui/InstitutionalAuthenticationEntryPoint.java
index 323e21e0..1fe53bf9 100644
--- a/src/main/java/ch/ethz/seb/sebserver/gui/InstitutionalAuthenticationEntryPoint.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gui/InstitutionalAuthenticationEntryPoint.java
@@ -130,6 +130,12 @@ public final class InstitutionalAuthenticationEntryPoint implements Authenticati
 .getBean(AuthorizationContextHolder.class);
 final SEBServerAuthorizationContext authorizationContext = authorizationContextHolder
 .getAuthorizationContext(request.getSession());
+
+ // check first if we already have an active session if so, invalidate ir
+ if (authorizationContext.isLoggedIn()) {
+ authorizationContext.logout();
+ }
+
 if (authorizationContext.autoLogin(jwt)) {
 forwardToEntryPoint(request, response, this.guiEntryPoint, true);
 return;
diff --git a/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java b/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java
index fd5b6dfa..2314ab37 100644
--- a/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java
@@ -270,10 +270,6 @@ public class OAuth2AuthorizationContextHolder implements AuthorizationContextHol
 @Override
 public boolean autoLogin(final String oneTimeToken) {
 try {
- // check first if we already have an active session if so, invalidate ir
- if (this.isLoggedIn()) {
- this.logout();
- }
 // Create ad-hoc RestTemplate and call token verification
 final RestTemplate verifyTemplate = new RestTemplate(this.clientHttpRequestFactory);
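Review bot: `authorizationContext` is obtained from `request.getSession()` before the added `logout()` call and is then reused for `autoLogin(jwt)`; if `logout()` invalidates the HTTP session or discards the context (its body is not visible in this diff), the login would be applied to a stale object that is no longer bound to the request's session. Consider re-fetching after the logout, for example by dropping `final` from the declaration and adding `authorizationContext = authorizationContextHolder.getAuthorizationContext(request.getSession());` inside the `if`. The logout also runs before the token is verified, so a request carrying any `jwt` value ends an existing login even when `autoLogin` then rejects it; if that is intended the comment should say so, otherwise the token should be verified first. The enclosing method starts and ends outside the hunk.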