Google+ Oauth 2.0 - Logout works well BUT automatically login after refreshing webpage
Pit via StackOverflow
Heading
I'm working on Google App Engine. Using Python with the webbapp2 framework.
I use Google API to login e logout. It seems to work well. Login and logout are perfect. This is the Google official guide: https://developers.google.com/+/web/signin/
The problem is that just after being logged out refreshing the page the user will automatically logged-in again.
This is Login Button with relative parameters:
<span
class="g-signin"
data-callback="signinCallback"
data-clientid="##################.apps.googleusercontent.com"
data-cookiepolicy="single_host_origin"
data-requestvisibleactions="http://schemas.google.com/AddActivity"
data-scope="https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/userinfo.email">
<button type="button">GOOGLE+ LOGIN</button>
</span>
This is Logout Button:
<button onclick="disconnectUser()">Disconnect</button>
This is the Logout callback function:
<script type="text/javascript">
function disconnectUser(access_token) {
var revokeUrl = 'https://accounts.google.com/o/oauth2/revoke?token=' +
access_token;
// Esecuzione di una richiesta GET asincrona.
$.ajax({
type: 'GET',
url: revokeUrl,
async: false,
contentType: "application/json",
dataType: 'jsonp',
success: function(nullResponse) {
// Esegui un'azione, l'utente è disconnesso
// La risposta è sempre indefinita.
document.getElementById('signinButton').setAttribute('style', 'display: inherit');
document.getElementById('revokeButton').setAttribute('style', 'display: none');
},
error: function(e) {
// Gestione dell'errore
// console.log(e);
// Puoi indirizzare gli utenti alla disconnessione manuale in caso di esito negativo
// https://plus.google.com/apps
}
});
}
// È possibile attivare la disconnessione con un clic del pulsante
$('#revokeButton').click(disconnectUser);
</script>
What do you think? What could be the problem? Something concerning cookies setting?
Please DO NOT REPLY directly to this email but go to StackOverflow:
http://stackoverflow.com/questions/28325645/google-oauth-2-0-logout-works-well-but-automatically-login-after-refreshing-w
class via StackOverflow
You should be calling gapi.auth.signOut() to sign out the user. Disconnect, as you are implementing here, will disconnect the user from your application and de-authorize your application to make API calls on behalf of the user. An example would be:
<button onclick="gapi.auth.signOut()">Sign out</button>
See Signing out the user for more information on how to correctly sign out a user.
Please DO NOT REPLY directly to this email but go to StackOverflow:
class via StackOverflow
You should be calling gapi.auth.signOut() to sign out the user. Disconnect, as you are implementing here, will disconnect the user from your application and de-authorize your application to make API calls on behalf of the user. An example would be:
<button onclick="gapi.auth.signOut()">Sign out</button>
See Signing out the user for more information on how to correctly sign out a user.
Also worth noting, if you are running from localhost, logout may not work.
class via StackOverflow
You should be calling gapi.auth.signOut() to sign out the user. Disconnect, as you are implementing here, will disconnect the user from your application and de-authorize your application to make API calls on behalf of the user. An example would be:
<button onclick="gapi.auth.signOut()">Sign out</button>
See Signing out the user for more information on how to correctly sign out a user.
Also worth noting:
- If you are running from localhost, logout may not work.
- The Sign in callback is also called on failure: make sure to check that the error message is absent to check, i.e:
function signinCallback(authResult) {
if (authResult['status']['signed_in']) {
// Signed in
} else {
console.log('Sign-in failed: ' + authResult['error']);
}
}