Firebase logout not working as supposed to

7,307 views
Skip to first unread message

IGOR LEVKOVSKY

unread,
Apr 17, 2018, 6:11:08 PM4/17/18
to Firebase Google Group

I'm using Firebase authentication with google accounts in my website. Login process works fine, but I have a problem with logout. Everything seems fine when user clicks "logout" button, but when "login" button is clicked again, after logout, the previously signed in user is loged in automaticaly - no prompt for credentials. That happens even in incognito mode. 

This is the code i'm using for login and logout, the functions are called on click of login/logout buttons, All the communication with Firebase services happens here:


function login() {	
	firebase.initializeApp(settings);
	var provider = new firebase.auth.GoogleAuthProvider();
	
	firebase.auth().signInWithPopup(provider).then(function(result) {
		var token = result.credential.accessToken;
		sessionStorage.setItem('tokenK', token);
		var user = result.user;
		sessionStorage.setItem('displayName', displayName);
		sessionStorage.setItem('userName', user.email);
	}).catch(function(error) {
		var errorCode = error.code;
		var errorMessage = error.message;
		var email = error.email;
		var credential = error.credential;
	});
}
function logOut(){  
    firebase.initializeApp(settings);

    firebase.auth().signOut().then(function() {
            sessionStorage.removeItem('tokenK');
            sessionStorage.removeItem('displayName');
            sessionStorage.removeItem('userName');
            window.open('index.html', '_self');                 
    }).catch(function(error) {
        console.log(error);
    }); 
}

Kato Richardson

unread,
Apr 21, 2018, 3:10:13 PM4/21/18
to Firebase Google Group
Hi Igor,

You're confused on exactly what signOut() does here. That deletes the access token used by Firebase to confirm the users' identity. On their next auth attempt, they are sent back to the OAuth provider to revalidate and a new Auth ID token is issued by Firebase. 

This doesn't have anything to do with the client's OAuth provider (Google in this case) and doesn't log them out of their account. That's a separate service outside Firebase's purview.

Are you looking to support multiple Google accounts and to display the account picker in each case?

☼, Kato

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/fa621acb-e036-4920-bb11-5adf08190f21%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--

Kato Richardson | Developer Programs Eng | kato...@google.com | 775-235-8398

Kato Richardson

unread,
Apr 21, 2018, 3:17:02 PM4/21/18
to Firebase Google Group
FYI - I found this post that explains how to force the account picker, and adds a bit more context.

IGOR LEVKOVSKY

unread,
May 13, 2018, 7:04:19 PM5/13/18
to Firebase Google Group
Thanks for your answer it helps me a lot to desgise my real problem.

But multiple accounts support isn't my MAIN goal. My main goal is to provide a FULL logout, which means that user who logs into my system with google account through firebase, will be able tofully log out.
What happens now isthat even that the user is logged out of my system, the moment he press login, he authmaticaly logged in with previous user.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.

To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/fa621acb-e036-4920-bb11-5adf08190f21%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--

Kato Richardson | Developer Programs Eng | kato...@google.com | 775-235-8398

Kato Richardson

unread,
May 14, 2018, 3:25:56 PM5/14/18
to Firebase Google Group
If by "totally log out" you mean also log them out of Google, then that isn't possible with Firebase Authentication and isn't normally appropriate. Logging out of an app should not also log a user out of Gmail or Facebook, for example. That would be pretty annoying.

However, if you have some use case where it's appropriate to revoke someone's Google or Facebook login status, then you would need to manage the authentication through that service instead of Firebase, and pass the credentials into Firebase using signInWithCredential(). This would allow you to control access to the OAuth provide (e.g. Google) separately from Firebase Authentication and log them out of that system as well.

☼, Kato

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/a02c86d9-c53d-4b8c-b07d-ae46ee7e3aa8%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages