How to Logout of an Application Where I Used Oauth2 to Login with Google

How to Logout of an Application Where I Used OAuth2 To Login With Google?

Overview of OAuth: Is the User Who He/She Says He/She is?:

I'm not sure if you used OAuth to login to Stack Overflow, like the "Login with Google" option, but when you use this feature, Stack Overflow is simply asking Google if it knows who you are:

"Yo Google, this Vinesh fella claims that vinesh.e@gmail.com is him, is that true?"

If you're logged in already, Google will say YES. If not, Google will say:

"Hang on a sec Stack Overflow, I'll authenticate this fella and if he can enter the right password for his Google account, then it's him".

When you enter your Google password, Google then tells Stack Overflow you are who you say you are, and Stack Overflow logs you in.

When you logout of your app, you're logging out of your app:

Here's where developers new to OAuth sometimes get a little confused... Google and Stack Overflow, Assembla, Vinesh's-very-cool-slick-webapp, are all different entities, and Google knows nothing about your account on Vinesh's cool webapp, and vice versa, aside from what's exposed via the API you're using to access profile information.

When your user logs out, he or she isn't logging out of Google, he/she is logging out of your app, or Stack Overflow, or Assembla, or whatever web application used Google OAuth to authenticate the user.

In fact, I can log out of all of my Google accounts and still be logged into Stack Overflow. Once your app knows who the user is, that person can log out of Google. Google is no longer needed.

With that said, what you're asking to do is log the user out of a service that really doesn't belong to you. Think about it like this: As a user, how annoyed do you think I would be if I logged into 5 different services with my Google account, then the first time I logged out of one of them, I have to login to my Gmail account again because that app developer decided that, when I log out of his application, I should also be logged out of Google? That's going to get old really fast. In short, you really don't want to do this...

Yeh yeh, whatever, I still want to log the user out Of Google, just tell me how do I do this?

With that said, if you still do want to log a user out of Google, and realize that you may very well be disrupting their workflow, you could dynamically build the logout url from one of their Google services logout button, and then invoke that using an img element or a script tag:

<script type="text/javascript" 
    src="https://mail.google.com/mail/u/0/?logout&hl=en" />

OR 

<img src="https://mail.google.com/mail/u/0/?logout&hl=en" />

OR 

window.location = "https://mail.google.com/mail/u/0/?logout&hl=en";

If you redirect your user to the logout page, or invoke it from an element that isn't cross-domain restricted, the user will be logged out of Google.

Note that this does not necessarily mean the user will be logged out of your application, only Google. :)

Summary:

What's important for you to keep in mind is that, when you logout of your app, you don't need to make the user re-enter a password. That's the whole point! It authenticates against Google so the user doesn't have to enter his or her password over and over and over again in each web application he or she uses. It takes some getting used to, but know that, as long as the user is logged into Google, your app doesn't need to worry about whether or not the user is who he/she says he/she is.

I have the same implementation in a project as you do, using the Google Profile information with OAuth. I tried the very same thing you're looking to try, and it really started making people angry when they had to login to Google over and over again, so we stopped logging them out of Google. :)

Google OAuth2.0 logout not working on localhost but working in console

I found the solution, it seems that you can only call signOut method after the signinCallback has fired. So far as I can tell, the only way to fire the signinCallback is to put a sign-in button on the page.

Keeping a hidden sign-in button where my logout button is written did the trick for me.

Included this in header.tpl where my logout button is written

    <div style = "display:none" align="middle" class="g-signin2" data-cookiepolicy='single_host_origin' data-onsuccess="onSignIn"></div>

Can't signOut of Google OAuth2

Try using the revoking token HTTP/REST method:

To programmatically revoke a token, your application makes a request
to https://accounts.google.com/o/oauth2/revoke and includes the token
as a parameter:

curl -H "Content-type:application/x-www-form-urlencoded" \
        https://accounts.google.com/o/oauth2/revoke?token={token}

The token can be an access token or a refresh token. If the token is
an access token and it has a corresponding refresh token, the refresh
token will also be revoked.


Related Topics

Jquery Checkbox Checked State Changed Event

Jquery to Loop Through Elements with the Same Class

Safari 3Rd Party Cookie Iframe Trick No Longer Working

What's the Difference Between Window.Location= and Window.Location.Replace()

Parse JSON String into a Particular Object Prototype in JavaScript

Remove Last Item from Array

Spread Syntax Es6

What's the Cause of the Error 'Getaddrinfo Eai_Again'

How to Convert Date to Timestamp

Check If Event Exists on Element

Detecting When a Div's Height Changes Using Jquery

Console Log the State After Using Usestate Doesn't Return the Current Value

Pass Data or Modify Extension HTML in a New Tab/Window

JavaScript Thousand Separator/String Format

Sending Credentials with Cross-Domain Posts

Onload' Handler for 'Script' Tag in Internet Explorer

Angularjs Changes Urls to "Unsafe:" in Extension Page

Escaping Strings in JavaScript


Leave a reply



Submit