I implemented the Google OAuth2 login thread in my web server (using python / flask). My application redirects the user to Google, where they register with Google credentials and are redirected back to my application.
I am having trouble deciding on how to implement Logout functionality for this application. I can clear application session cookies, but this does not log the user out of Google. Therefore, if the user clicks "Login" after logging out, the redirection is sent to Google, and since the user is still subscribing to Google, they automatically (without even asking to re-enter credentials) sign back to my application.
This answer here gives a good overview of why its bad practice forces the user to log out of all Google services. If this is the only way, I will do it, but I guess there is a more elegant solution?
FWIW, "revocation" of access tokens also does not work. My application uses the profile and email realms for OAuth2 ( see this document ). They do not require explicit "permission" by the user, so there is no such thing as revoking access to these areas, which forces users to request a request during login.
In case this helps, I mainly used this document to implement OAuth2 stream functionality. I could post my code, but (1) All this in this article and (2) If you are not familiar with the / oauth 2 flask, it should be inappropriate to answer this question, I think.
Any thoughts would be great, thanks.
python flask google-oauth2 google-authentication google-api-python-client
Karan Erry Nov 07 '17 at 5:26 2017-11-07 05:26
source share