Groupme auth logout
538 views
Skip to first unread message
Stanley Chan
Aug 9, 2015, 5:17:36 PM8/9/15
to GroupMe API Support
Hi,
I posted this a while back and noone has answered.
I am using the API to authenticate users in my app.
When the user logs out the app, it does not log them out of groupme authentication.
How can I prevent the next person logging into the app from accessing the previous user's groupme from the same computer?
I need to ensure logout and a proper redirect to a new sign in page for the next user.
Thank you
Jake Bathman
Aug 10, 2015, 12:30:12 AM8/10/15
to Stanley Chan, GroupMe API Support
How are you storing the authentication after the user log in to GroupMe?
--
--
Jake Bathman
When a user logs out of your site, you should destroy their session cookie for your site. Then, new visitors should be sent to the GroupMe oAuth page for sign-in, which should be stateless and won't remember a prior sign in (e.g. https://oauth.groupme.com/oauth/authorize?client_id={$groupMeClientId}
I guess I'm not following your dilemma exactly.
Jake
--
You received this message because you are subscribed to the Google Groups "GroupMe API Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to groupme-api-sup...@googlegroups.com.
To post to this group, send email to groupme-a...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/groupme-api-support/d37f2a22-e1f1-4574-a216-720670ebeabe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
--
Jake Bathman
Stanley Chan
Aug 10, 2015, 12:34:59 AM8/10/15
to GroupMe API Support
Admittedly, I am new at this.
I am using django and to my understanding and testing, when I invoke the logout feature in django, it does destroy session cookies.
However, It seems to me that when the new user is redirected to that auth page, it somehow remembers the old user and authenticates back with the same authentication token.
The only way for me to get around this is to manually clear the browser cookie history.
Is the auth token the thing I should be destroying upon log out?
Thanks,
Stan
Jake Bathman
Aug 10, 2015, 12:40:36 AM8/10/15
to Stanley Chan, GroupMe API Support
Hmmm weird. I'm not seeing that with some quick testing right now, as successive loadings of https://oauth.groupme.com/oauth/authorize give me a new login box each time.
The way the oAuth spec works is that you're meant to redirect the user to the GroupMe oAuth page, and on return you'll be given a token. If that's going to be used long-term by your app, you'll store that somewhere in a database and typically assign the user your own token (or otherwise associate their current session with the GroupMe token).
But surely there's a way to force a new GroupMe login at the oAuth page. Maybe one of the GroupMe folks has an idea on that.
--
You received this message because you are subscribed to the Google Groups "GroupMe API Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to groupme-api-sup...@googlegroups.com.
To post to this group, send email to groupme-a...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/groupme-api-support/7818b7f9-ed8b-4ff2-82b4-f5e586d1fc8d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages