Sign out of Google OAuth 2.0

I'm currently trying to create a website where a user can log in with their Google+ account. Most of it works. I get them to grant access to my site. They can log in, I get their name and user ID, and I display content specific to their Google account on my site.

When someone else wants to log in, and I try to "log out" of the site, the Google login still remembers that it just logged in, and after logging out it instantly runs the code to log in again. If I delete the SSID cookie from Google, it does not do this, so I assume that is where Google stores the fact that I just logged in with x.

Is there a way, when I log out, to make Google not instantly log in with the same account, but ask for the Google email address and password?

I feel like I'm missing something obvious here, but I can't figure out how to handle this.

The code I use to authenticate and retrieve data:

    <button class="btn btn-primary" id="authorize-button" style="visibility: hidden">Log in</button>
    <script>
    var clientId = '';
    var apiKey = '';
    var scopes = '';

    function handleClientLoad() {
      gapi.client.setApiKey(apiKey);
      window.setTimeout(checkAuth, 1);
    }

    // Silent check on page load: immediate mode, no pop-up.
    function checkAuth() {
      //alert("authorize");
      gapi.auth.authorize({client_id: clientId, scope: scopes, immediate: true}, handleAuthResult);
    }

    function handleAuthResult(authResult) {
      //alert("authorized");
      //alert(authResult.access_token);
      var authorizeButton = document.getElementById('authorize-button');
      if (authResult && !authResult.error) {
        authorizeButton.style.visibility = 'hidden';
        makeApiCall();
      } else {
        authorizeButton.style.visibility = '';
        authorizeButton.onclick = handleAuthClick;
      }
      // Debug output: writes the access token into the page.
      var token = document.createElement('h4');
      token.appendChild(document.createTextNode(authResult.access_token));
      document.getElementById('content').appendChild(token);
    }

    // Button click: interactive authorization (pop-up).
    function handleAuthClick(event) {
      gapi.auth.authorize({client_id: clientId, scope: scopes, immediate: false}, handleAuthResult);
      return false;
    }

    var x;

    // Fetch the profile of the signed-in user and post the ID to the server.
    function makeApiCall() {
      //return;
      gapi.client.load('plus', 'v1', function() {
        var request = gapi.client.plus.people.get({ 'userId': 'me' });
        request.execute(function(resp) {
          x = resp.id;
          var heading2 = document.createElement('h4');
          var heading3 = document.createElement('h4');
          heading3.appendChild(document.createTextNode(resp.displayName));
          heading2.appendChild(document.createTextNode(resp.id));
          document.getElementById('content2').appendChild(heading2);
          document.getElementById('content3').appendChild(heading3);
          $.post("token.php", {id: x});
        });
      });
    }
    </script>
+6
2 answers

When you make the auth call, set approvalprompt to force. This will make the consent dialog appear every time. It overrides the default setting of "auto". You can learn more at https://developers.google.com/+/web/signin/#sign-in_button_attributes.

    gapi.auth.authorize({client_id: clientId, scope: scopes, immediate: true, approvalprompt: 'force'}, handleAuthResult);

0

After a user authorizes your application, they are basically logged into your application any time they are also logged into Google, especially if immediate mode is enabled.

Some sites have a logout link or button that displays a page or dialog saying something along the lines of "You are logged in to Google and this site with the account blah@blah.com. Go to google.com and sign out of your Google session."

You can also track the logged-in status of the user using your own cookies, and set and delete them during the relevant events in your code. You will want to discard any tokens that your application received on behalf of the user during the logout event. When the user logs in again, they won't need to re-authorize your application using the pop-up window (or redirection window), but in the callback you still get a new access token.

0
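The approach in the second answer (the site's own cookie for sign-out state, token discarded at logout), as an added example that is not code from the question or either answer. `SIGNED_OUT_COOKIE`, `isSignedOut` and `createSession` are hypothetical names, and `authorize` is assumed to be a thin wrapper around the question's `gapi.auth.authorize(params, callback)` that fills in `client_id` and `scope`.

```javascript
// Added example. Names below are hypothetical; `authorize(params, cb)` is an
// assumed wrapper around gapi.auth.authorize from the question.
const SIGNED_OUT_COOKIE = 'app_signed_out';

// True if the site's own "signed out" flag is present in a cookie string.
function isSignedOut(cookieString) {
  return cookieString.split(';').some(function (pair) {
    return pair.trim() === SIGNED_OUT_COOKIE + '=1';
  });
}

// `jar` is `document` in a browser (any object with a `cookie` property).
function createSession(jar, authorize) {
  let accessToken = null; // kept in memory only, never written to a cookie

  function accept(authResult) {
    const ok = Boolean(authResult && !authResult.error && authResult.access_token);
    accessToken = ok ? authResult.access_token : null;
    return ok;
  }

  return {
    // Page load: silent re-auth is skipped once the user signed out here,
    // even though the Google session in the browser is still alive.
    start: function (done) {
      if (isSignedOut(jar.cookie)) { done(false); return; }
      authorize({ immediate: true }, function (r) { done(accept(r)); });
    },
    // Login button: interactive flow; success clears the signed-out flag.
    login: function (done) {
      authorize({ immediate: false }, function (r) {
        const ok = accept(r);
        if (ok) jar.cookie = SIGNED_OUT_COOKIE + '=; Max-Age=0; Path=/';
        done(ok);
      });
    },
    // Logout: discard the token and remember the decision across reloads.
    logout: function () {
      accessToken = null;
      jar.cookie = SIGNED_OUT_COOKIE + '=1; Path=/; Secure; SameSite=Lax';
    },
    token: function () { return accessToken; }
  };
}
```

In the page from the question, `start` would replace the unconditional `checkAuth` call on load and `login` would replace `handleAuthClick`. This does not end the user's Google session; it only stops the site from silently signing the same account back in.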

Source: https://habr.com/ru/post/944924/

