Log out of Google Oauth in webapp from PHP - javascript

When the user authenticateswith the "sign in" with google button with javascript the user is redirected into my webapp basedon the successful return. I pass the id-token to the backend and use $client->verifyIdToken($id_token); to fetch and can get the userid ('sub'). Great!
When the user wants to logout, I need to kill the session on the backend so I have a page /logout that logs the user out and then redirects to the top page. However, the top page javascript login box still indicates that the user is signed in and triggers a sign in and gets redirected back into the webapp which is bad. If the user has logged out, I want them to have to click the Google "Sign in" button again and have it run automatically.
I've looked through all the documentation I can find for the PHP backend and I can't seem to find any way to log the user out of my app. I've even tried calling $client->revokeToken(); on the backend on the logout page but it has no effect.
Is there anyway to logout the Google user from my app on the backend or am I forced to detect if the user is logged in, call this javascript first and then proceed to my logout page?
<script>
function signOut() {
var auth2 = gapi.auth2.getAuthInstance();
auth2.signOut().then(function () {
console.log('User signed out.');
});
}
</script>
It would seem to me that there should be a logout from google (or revoke the current session in webapp (token?) ) from the backend but I can't find it for the life of me.

Google does not allow for third party logout. That being said your application can not log a user out of Google. If they allowed that then your app could also log me out of Stack overflow and every other third party website that i have logged in using my Google account.
What you need to do is remove the login to your own site by removing the cookie that was probably set somewhere.

Related

Delete User session of Azure ADB2C using MSAL

I have integrated Azure ADB2C in React SPA, using MSAL package. Both login and logout is working fine. My requirement is, After user successfully changes the password in Azure ADB2C update password page I am redirecting user to confirmation page stating that they have successfully changed the password and displayed a "Continue" button on click of that, the user will be made to signed out of the application.
The above scenario works fine, but if the user without clicking the "Continue" button, clicks on the browser back button, the user can visit the authenticated pages and the user is still authorized to visit the pages. But instead I want the user to get logged off from the application.
Is there any way in Azure ADB2C to delete the active user session alternatively without triggering the button.
While clicking on the button am calling Signout policy already defined.

microsoft graph api. automatic login after user is logged out problem

I have succesfully setup a NodeJS web application that uses the Microsoft Graph API. There is only one silly problem.
So if a user wants to use the application, he has to log in first. Thats why the first page of my app is the authentication url of the Microsoft API. After the user has succesfully logged in, he is send to the homepage. Now when the user clicks on logout button, problems begin to appear.
As I have said earlier, the first page of the app is the auth url from Microsoft API. When the user logs out he is send back to that same url, because he is not logged in anymore. While he is being send to the login url, microsoft automatically logs the user back in.
So my question is, is there a way the user isn't logged in autmatically after he signed out?
I know this has to do with the cookies from login.live.com. Because if I delete them I have to mannually sign in again.
The solution is to use prompt parameter. docs.

Facebook JS API: User does not stay connected

I have a simple web app where users can login via Facebook to CRUD objects (and show them on a map).
I successfully implemented the login and logout functions using the full example code from Facebook documentation, but the user doesn't stay logged in.
When I log in, I'm able to display the my Facebook Surname and Name, but when I refresh or go to the next page of my app, the Facebook API tells me that I'm not connected (anymore) and thus I have to reconnect.
The same happens with the full example code. On page refresh: you have to login again.
Am I missing something here ?
That was pretty dumb but my browser (chrome) was blocking cookies from facebook.com on my website, so I couldn't stay logged.
Resolved the problem by authorizing facebook.com cookies on my website.

Facebook Javascript SDK thinks I'm a different user

I created a second FB account for the purpose of testing logins, friend relationship functionality, etc. Unfortunately, Facebook is telling me that the other account has not been authorized (even though I did - I'm just going to give it a day or so), however, that's not really the issue.
When trying to log into my app with my original FB profile, which definitely does have access rights, it appears that the app thinks I'm the other user and I'm getting the following message:
"App Not Setup: This app is still in development mode, and you don't have access to it. Switch to a registered test user or ask an app admin for permissions."
I'm getting this despite the fact that I've logged back into my primary FB account on facebook.com. Is there a way for me to break all previous associations or refresh the user? It might even be preferable to prompt the app user to put in his or her FB email and password at each login. Is there a way to do that?
Also, when I log in from my phone, I don't get the error message. It's as if the fact that I logged into the secondary account from my computer is blocking the normal login routine.
This is the Javascript that executes when I click the Facebook login button.
function checkLoginState() {
FB.login(function(response) {
FB.getLoginStatus(function(response) {
statusChangeCallback(response);
}, true);
})
}
Any ideas?

Logging out user from application FB.logout() not facebook

I have read Facebook documentation and it says that FB.logout is used to log the user out of both web application and Facebook. I have made a website on which I use FB.logout() but I want only the session of the user to be revoked not log the user out of the Faceboook.
I have seen this thing been done on many other websites looking at their code I find they are also using code like
function fb_logout(){
FB.logout(function(response) {
console.log('loggedout');
});
}
I also tried using this function but I still log my users out of Facebook too.
Is there a way to accomplish this task?
You can just delete all the data you have on user and show them login button again (mimicking logout from your app) without calling "FB.logout" function(it logs user out of facebook too). This will behave as per your needs, once user clicks on the login button again, you will again get the data without him needing to login to facebook again.

Categories