I have succesfully setup a NodeJS web application that uses the Microsoft Graph API. There is only one silly problem.
So if a user wants to use the application, he has to log in first. Thats why the first page of my app is the authentication url of the Microsoft API. After the user has succesfully logged in, he is send to the homepage. Now when the user clicks on logout button, problems begin to appear.
As I have said earlier, the first page of the app is the auth url from Microsoft API. When the user logs out he is send back to that same url, because he is not logged in anymore. While he is being send to the login url, microsoft automatically logs the user back in.
So my question is, is there a way the user isn't logged in autmatically after he signed out?
I know this has to do with the cookies from login.live.com. Because if I delete them I have to mannually sign in again.
The solution is to use prompt parameter. docs.
Related
I followed the tutorial to Build JavaScript single-page apps with Microsoft Graph, and use it for my real project.
With this tutorial, I could able to create the web app for login user and create a calendar event. The problem is the session is always quickly expired as soon as I refresh so that I have to login again and again. Is there any way I can keep user still login after refresh browser. I wish it just like the google calendar id here that can keep user signed in even after fresh browser. Thanks.
Use localStorage to store the logged in user details. On refresh or the first visit to your site, first check to see if the details are available in local storage. If they are available, then log in the user automatically. Otherwise request the user to login and save the details in local storage.
When the user authenticateswith the "sign in" with google button with javascript the user is redirected into my webapp basedon the successful return. I pass the id-token to the backend and use $client->verifyIdToken($id_token); to fetch and can get the userid ('sub'). Great!
When the user wants to logout, I need to kill the session on the backend so I have a page /logout that logs the user out and then redirects to the top page. However, the top page javascript login box still indicates that the user is signed in and triggers a sign in and gets redirected back into the webapp which is bad. If the user has logged out, I want them to have to click the Google "Sign in" button again and have it run automatically.
I've looked through all the documentation I can find for the PHP backend and I can't seem to find any way to log the user out of my app. I've even tried calling $client->revokeToken(); on the backend on the logout page but it has no effect.
Is there anyway to logout the Google user from my app on the backend or am I forced to detect if the user is logged in, call this javascript first and then proceed to my logout page?
<script>
function signOut() {
var auth2 = gapi.auth2.getAuthInstance();
auth2.signOut().then(function () {
console.log('User signed out.');
});
}
</script>
It would seem to me that there should be a logout from google (or revoke the current session in webapp (token?) ) from the backend but I can't find it for the life of me.
Google does not allow for third party logout. That being said your application can not log a user out of Google. If they allowed that then your app could also log me out of Stack overflow and every other third party website that i have logged in using my Google account.
What you need to do is remove the login to your own site by removing the cookie that was probably set somewhere.
I have a simple web app where users can login via Facebook to CRUD objects (and show them on a map).
I successfully implemented the login and logout functions using the full example code from Facebook documentation, but the user doesn't stay logged in.
When I log in, I'm able to display the my Facebook Surname and Name, but when I refresh or go to the next page of my app, the Facebook API tells me that I'm not connected (anymore) and thus I have to reconnect.
The same happens with the full example code. On page refresh: you have to login again.
Am I missing something here ?
That was pretty dumb but my browser (chrome) was blocking cookies from facebook.com on my website, so I couldn't stay logged.
Resolved the problem by authorizing facebook.com cookies on my website.
I am following authentications steps for AMS as described here:
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-how-to-use-client-library/#caching
From Kendo UI mobile app (Javascript)
I can log in using Google as an authentication provider using client.login("google"), execute authenticated AMS custom API calls
and also doing client.Logout() via button, that seems to successfully disconnect me from AMS
On subsequent client.login(), however, I do not get the Google account login window. It is seemingly stored in a cookie and the user is logged in automatically, thus not giving me a chance to log in as another user.
I was wondering what additional actions besides client.Logout() I must do to initiate the Google login screen on the next session after the user decided to logout. I do not want to force the user out of his Google account, as this would be impolite, just log him out of my application.
I know this question is old, but since it is not answered and I found it out recently I decided to post the answer here.
When you go to google.com you can add another account (top right icon). After that you can choose after each logout which account you want to use for your application to login. And you can even add other accounts to log in.
I have a public-facing web app that will be in a kiosk-like environment. The app requires users to log in with Facebook in order to interact with the app. I am not requiring users to register or to sign up for the site, but rather just log in so the app will have access to their basic info.
This works perfectly, but the issue is when a user logs out and the app is ready for the next user to log in, the previous user's email address is in the OAUTH form.
Is there any way to keep this from being persistant?
EDIT:
To log in, users are being redirected to the Facebook OAuth Dialog page. Once the user logs in it redirects back to the app. It's not really "authenticating" for the app, I am just using Javascript to show the app content once the Facebook JS API detects that a user is logged-in.
Edit
some reason I cannot log in with my account "kevinj". Anyway, I should have been more specific in regard to the setting of this app. It is an iPad web app and the tablet device will be handed out to users for interaction and gathering data.
I have "fixed" this issue by forcing FB to use the desktop browser based OAUTH dialog instead of the Touch version. This allows the user to un-check the "keep me logged in" option and clear out their info after log out.
Thanks for the suggestions and input. I wish I could close this question out but can't log in to my account.
Sine you are on a Kiosk-like environment, I suppose you have access to the browser's options?
If that's the case then I think turning of form history will do the trick. (Firefox example)
Have you tried adding "autocomplete="off"" to the HTML field?