OAuth overview: is the user who he/she says he/she is?
I'm not sure if you have used OAuth to log in to Stack Overflow, for example with "Login with Google", but when you use this feature, Stack Overflow simply asks Google if it knows who you are:
"Hey Google, this Vinesh fella claims he is vinesh.e@gmail.com, is that true?"
If you're already logged in, Google will say "YES." If not, Google will say:
"Hang on a second, Stack Overflow, I will authenticate this guy, and if he can enter the correct password for his Google account, then it is him."
When you enter your Google password, Google tells Stack Overflow that you are who you say you are, and you can use Stack Overflow.
When you log out of your application, you log out of your application:
This is where developers new to OAuth sometimes get a little confused... Google, Stack Overflow, Assembla and Vinesh's-very-cool-slick-webapp are all different entities, and Google knows nothing about your account on Vinesh's cool webapp, and vice versa, apart from what is exposed through the API that you use to access profile information.
When your user logs out, he or she does not log out of Google; he or she logs out of your application, or Stack Overflow, or Assembla, or whichever web application used Google OAuth to authenticate the user.
In fact, I can log out of all my Google accounts and still be logged in to Stack Overflow. As soon as your application knows who the user is, that person can log out of Google. Google is no longer needed.
With that said, what you are asking to do is log the user out of a service that really does not belong to you. Think of it this way: as a user, how satisfied would you be if you logged in to 5 different services with your Google account, and then the first time you logged out of one of them, you had to log in to your Gmail account again, because the application developer decided that when you log out of his application you should also be logged out of Google? That will get old very fast. In short, you really don't want to do this...
Yeah, yeah, whatever, I still want to log the user out of Google, just tell me how I can do this?
With that said, if you still want to log a user out of Google, and understand that you may well disrupt their workflow, you can dynamically build the logout URL from one of the Google logout buttons, and then invoke it using an img element or a script tag:
<script type="text/javascript" src="https://mail.google.com/mail/u/0/?logout&hl=en"></script>
OR
<img src="https://mail.google.com/mail/u/0/?logout&hl=en" />
OR
window.location = "https://mail.google.com/mail/u/0/?logout&hl=en";
If you redirect your user to the logout page, or invoke it from an element that is not subject to cross-domain restrictions, the user will be logged out of Google.
Please note that this does not necessarily mean that the user will be logged out of your application, only out of Google. :)
Summary:
What is important for you to keep in mind is that when the user logs out of your application, you do not need to make the user re-enter a password. That is the whole point! The application authenticates against Google so that the user does not need to enter his password again and again in every web application that he uses. This takes some getting used to, but be aware that as long as the user is logged in to Google, your application does not need to worry about whether the user is who he/she says he/she is.
I have the same implementation in a project as you, using Google profile information with OAuth. I tried the same thing you are trying to do, and it really made people angry when they had to log in to Google again and again, so we stopped logging them out of Google. :)
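The logout the answer recommends, sketched as an added example that is not part of the original answer: the application ends only its own session and leaves the Google session alone. It also accepts logout only as a POST carrying a per-session token, so the img/script technique shown above cannot be pointed at your own logout endpoint. The session store, request shape, cookie name `sid` and function names are all assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed in-memory session store for the relying-party app (hypothetical).
const sessions = new Map(); // sessionId -> { email, csrfToken }

// Called once the identity provider has confirmed who the user is.
// From this point on the app's session is independent of the Google session.
function createSession(verifiedEmail) {
  const sessionId = crypto.randomBytes(16).toString("hex");
  const csrfToken = crypto.randomBytes(16).toString("hex");
  sessions.set(sessionId, { email: verifiedEmail, csrfToken });
  return { sessionId, csrfToken };
}

// Constant-time comparison so the token check does not leak timing information.
function sameToken(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Logout ends only the app's own session; nothing here touches the provider.
// req is a simplified request: { method, sessionId, csrfToken } (assumed shape).
function handleLogout(req) {
  const session = sessions.get(req.sessionId);
  if (!session) return { status: 401, loggedOut: false };
  // <img> and <script> tags on another site can only issue GET requests.
  if (req.method !== "POST") return { status: 405, loggedOut: false };
  // A cross-site form POST cannot know this session's token.
  if (!sameToken(req.csrfToken, session.csrfToken)) {
    return { status: 403, loggedOut: false };
  }
  sessions.delete(req.sessionId);
  return {
    status: 200,
    loggedOut: true,
    // Expire the app's own cookie; the provider's cookies are never involved.
    setCookie: "sid=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Lax",
  };
}

function isLoggedIn(sessionId) {
  return sessions.has(sessionId);
}
```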