core-app-api: do not call connector.removeSession in StaticAuthSessionManager.removeSession

Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com>

.changeset/sixty-shrimps-kneel.md

@@ -0,0 +1,6 @@
+---
+'@backstage/core-app-api': patch
+---
+
+Stop calling connector.removeSession in StaticAuthSessionManager, instead just discarding the
+session locally.

packages/core-app-api/src/lib/AuthSessionManager/StaticAuthSessionManager.test.ts

@@ -83,7 +83,7 @@ describe('StaticAuthSessionManager', () => {
     expect(createSession).toHaveBeenCalledTimes(2);
   });
 
-  it('should remove session and reload', async () => {
+  it('should clear the local session', async () => {
     const removeSession = jest.fn();
     const manager = new StaticAuthSessionManager({
       connector: { removeSession },
@@ -91,7 +91,17 @@ describe('StaticAuthSessionManager', () => {
     } as any);
 
     await manager.removeSession();
-    expect(removeSession).toHaveBeenCalled();
     expect(await manager.getSession({ optional: true })).toBe(undefined);
   });
+
+  it('should not remove the session via the connector', async () => {
+    const removeSession = jest.fn();
+    const manager = new StaticAuthSessionManager({
+      connector: { removeSession },
+      ...defaultOptions,
+    } as any);
+
+    await manager.removeSession();
+    expect(removeSession).not.toHaveBeenCalled();
+  });
 });

packages/core-app-api/src/lib/AuthSessionManager/StaticAuthSessionManager.ts

@@ -71,9 +71,14 @@ export class StaticAuthSessionManager<T> implements MutableSessionManager<T> {
     return this.currentSession;
   }
 
+  /**
+   * We don't call this.connector.removeSession here, since this session manager
+   * is intended to be static. As such there's no need to hit the remote logout
+   * endpoint - simply discarding the local session state when signing out is
+   * enough.
+   */
   async removeSession() {
     this.currentSession = undefined;
-    await this.connector.removeSession();
     this.stateTracker.setIsSignedIn(false);
   }