Exiting an external login service (Gmail, Facebook) using OAuth

I have an ASP.NET MVC 4 application that allows users to log in using external services like Gmail.

Until now, the user has the ability to log in and navigate through it. But the problem is logging out. I have a button to exit this request invoking the LogOff() action inside my AccountController. Inside this method, how can I log out if the user is authenticated through OAuth?

In the local account, I use:

    public ActionResult LogOff()
    {
        WebSecurity.Logout();
        return RedirectToAction("Login", "Account");
    }

But with OAuth I don't see anything like it... I think I need to clear some kind of cookie, but I don't know how...

+1
3 answers

Based on this, I implemented the following client-side solution (beforehand I ask whether the user wants to leave the provider):

    // get accountType, accessToken, redirectUrl and clientID
    var accountType = ...;
    var accessToken = ...;
    var redirectUrl = ...;
    var clientID = ...;

    $("#logoutConfirmButton").on('click', function () {
        externalLogout();
    });

    function externalLogout() {
        var url, params;
        if (accountType == "facebook") {
            url = "https://www.facebook.com/logout.php";
            params = {
                next: redirectUrl,
                access_token: encodeURIComponent(accessToken)
            };
            performCallLogout(url, params, accountType);
        } else if (accountType == "google") {
            url = "https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout";
            params = {
                next: redirectUrl
            };
            performCallLogout(url, params, accountType);
        } else if (accountType == "microsoft") {
            url = "https://login.live.com/oauth20_logout.srf";
            params = {
                clientId: clientID,
                redirectUrl: redirectUrl
            };
            performCallLogout(url, params, accountType);
        }
    }

    function performCallLogout(url, params, accountType) {
        if (accountType == "facebook") {
            window.location.href = url + "?next=" + params.next + "&access_token=" + params.access_token;
        } else if (accountType == "google") {
            window.location.href = url + "?continue=" + params.next;
        } else if (accountType == "microsoft") {
            window.location.href = url + "?client_id=" + params.clientId + "&redirect_url=" + params.redirectUrl;
        }
    }

Hope this helps someone.

+2
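Added example, not part of the answer above: one way to build the same three provider logout URLs so that every query value is percent-encoded and the return address is checked against the application's own origin before the browser is sent anywhere. The endpoints and parameter names are the ones used in the answer; `ALLOWED_RETURN_ORIGINS`, `checkedReturnUrl`, `withQuery`, `buildLogoutUrl` and `https://app.example.com` are assumptions made for illustration.

```javascript
// Added example, not code from the answers. Endpoints and parameter names
// are taken from the first answer; the allowlist and sample values are assumed.
const ALLOWED_RETURN_ORIGINS = new Set(["https://app.example.com"]); // assumption

// Accept only absolute https URLs that point back at our own application.
function checkedReturnUrl(raw) {
  let parsed;
  try {
    parsed = new URL(raw);
  } catch (e) {
    throw new Error("return URL is not an absolute URL");
  }
  if (parsed.protocol !== "https:" || !ALLOWED_RETURN_ORIGINS.has(parsed.origin)) {
    throw new Error("return URL is outside the application: " + parsed.origin);
  }
  return parsed.toString();
}

// Build a URL whose query values are percent-encoded by URLSearchParams.
function withQuery(base, query) {
  const url = new URL(base);
  for (const [name, value] of Object.entries(query)) {
    url.searchParams.set(name, value);
  }
  return url.toString();
}

function buildLogoutUrl(accountType, opts) {
  const next = checkedReturnUrl(opts.redirectUrl);
  switch (accountType) {
    case "facebook":
      return withQuery("https://www.facebook.com/logout.php",
        { next: next, access_token: opts.accessToken });
    case "google": {
      // The return URL is nested two levels deep, so it is encoded twice.
      const inner = withQuery("https://appengine.google.com/_ah/logout", { continue: next });
      return withQuery("https://www.google.com/accounts/Logout", { continue: inner });
    }
    case "microsoft":
      return withQuery("https://login.live.com/oauth20_logout.srf",
        { client_id: opts.clientID, redirect_url: next });
    default:
      throw new Error("unknown provider: " + accountType);
  }
}
```

On the page, assigning the result of `buildLogoutUrl(accountType, { redirectUrl, accessToken, clientID })` to `window.location.href` takes the place of the string concatenation in `performCallLogout`.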

WebSecurity.Logout(); will log out even if they authenticated through OAuth.

If you want to make sure that the token is not saved after logging out, you can call

Session.Remove("facebooktoken"); //Facebook example

Information is on this web page. Some more details are worth reading there too.

+1

Looks like you want to register a user on the original authentication site? Only an authentication site can delete / modify its cookies.

The solution is to redirect the user to the exit page for the authentication site or use the API script to register the user (if he exists for this site). You can use the form with the "target" to open a new window if you do not want to redirect the main browser window.

Facebook, for example, has an API call:

    FB.logout(function(response) {
        // user is now logged out
    });

The MVC Facebook client has a GetLogoutUrl method that returns a URL that you can use on the server side.

+1

Source: https://habr.com/ru/post/947045/

