I've been looking through the Google Sign-In guides and it says to use the signOut function (https://developers.google.com/identity/sign-in/web/sign-in) for it's self-described purpose. I understand that it doesn't sign you out of Google (that would be frustrating), but I don't understand what it actually does. Does it switch some "logged in" variable from true to false? If so, how do I check it? The reference doesn't provide much detail https://developers.google.com/identity/sign-in/web/reference#googleauthsignout
The way Google Sign-In for Websites works is that users coming back to your website will be automatically signed-in with no prompt or action necessary.
When using signOut() this doesn't happen and the user will have to sign-in again. Signing out doesn't revoke any permissions though, but only removes any currentUser information form the current session.
When the user then decides to sign-in again they will be logged in right away without a new permission prompt.
To disconnect a user completely and revoke all permissions/tokens there's the extra disconnect() method.
One thing to note is that the signOut functionality only works if you have deployed your website to some hosting. So if you are testing on localhost you won't see the expected behavior. Not sure why that is the case, but I have encountered this problem in the past, but signOut worked as expected as soon as the website was deployed.
To keep your website updated with the current sign-in state you should be listening to isSignedIn and/or currentUser changes, that will also trigger when the user signs out: https://developers.google.com/identity/sign-in/web/listeners
Related
I'm migrating from the Google sign-in platform library to the new Google Identity Services with one-tap sign in, but the website automatically logs the user out when they refresh or go to a different page.
This is the code that's present on every page that loads the one-tap sign in:
<div id="g_id_onload"
data-client_id="[CLIENT ID]"
data-callback="onSignIn"
data-auto_select="true">
</div>
Removing this just keeps the user logged out with no way to log back in. There is a cookie, g_state, that stores the user's login, as well as attributes to display the popup based on its presence, but working with this also keeps the user logged out with no way to log back in.
Is there any way to prevent automatic logout on refresh?
Setting a cookie to track user sign-in status to your site should do it.
A few things to be aware of:
Your callback handler will manage the signed-in or signed-out status for users, here OnSignIn.
The cookie name set by data-skip_prompt_cookie is used to suppress One Tap after the user successfully signs into your website -- you've already logged in right, so stop bothering me with One Tap prompts. So, after someone visits any page and signs in, you'll issue a cookie so that One Tap isn't displayed when the next page is loaded. You'd want to clear this cookie when they sign out of your website.
The data-skip_prompt_cookie helps you control when to display One Tap when you're using static HTML, when using JS you'd choose to display One Tap by calling google.accounts.id.prompt or skip calling it and displaying One Tap.
Avoid using or referencing g_state entirely, it currently helps manage how to display the UI and isn't intended to be used as a means to try and track signed-in or session status. Instead, track user sign-in using your own cookie and data-skip_prompt_cookie.
I am having issues figuring out how to implement the functionality for my current tasks. I will try to explain the situation simply:
The app is an Angular 2 webapp that uses Firebase for authentication. when the app loads up, the user is automatically authenticated anonymously (since we have database and file storage rules that are set to "auth != null".
Then later in the app there is a feature that the user can only use when authenticated through an auth provider (Google). If I try to just sign in with Google it saying that the user is already signed in.
So we can sign out, and then try to authenticate with Google. But then what if the user closes the auth popup box or denies giving the app permissions? Then the user is not authenticated at all!
And if we re-authenticate anonymously if the Google sign-in fails then we have a completely different username (created from the uid) which is very weird UX for the user.
Perhaps I am not thinking about it correctly, but I just don't see any good solution for what I'm trying to do. Hopefully, someone else can find a better solution. Thanks!
I am trying to create a Google Sign In workflow, the problem i have, after the button click, the modal to select the account, i get the success callback and i can access the user basic profile.
The problem is, when i refresh the site. If i run auth2.isSignedIn.get() it always return false.
To be sure my code is not the problem, i copy this example from Google
https://github.com/googleplus/gplus-quickstart-javascript/blob/master/index.html
Enter the site with Google code, login, select my account from the modal and the site display my information but when i reload the site, the session disappear.
Maybe i am missing something, how we can persist the session so the user don't have to login every time we refresh the site.
Thanks!
For this you need to implement the authentication in a server and maintain the session using cookies
You can use node, passport to achieve this. Hope this helps.
I am following authentications steps for AMS as described here:
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-how-to-use-client-library/#caching
From Kendo UI mobile app (Javascript)
I can log in using Google as an authentication provider using client.login("google"), execute authenticated AMS custom API calls
and also doing client.Logout() via button, that seems to successfully disconnect me from AMS
On subsequent client.login(), however, I do not get the Google account login window. It is seemingly stored in a cookie and the user is logged in automatically, thus not giving me a chance to log in as another user.
I was wondering what additional actions besides client.Logout() I must do to initiate the Google login screen on the next session after the user decided to logout. I do not want to force the user out of his Google account, as this would be impolite, just log him out of my application.
I know this question is old, but since it is not answered and I found it out recently I decided to post the answer here.
When you go to google.com you can add another account (top right icon). After that you can choose after each logout which account you want to use for your application to login. And you can even add other accounts to log in.
I am building a very small webpage to use in a kiosk stand. The goal is to let people "Like" a facebook page on location with a touchscreen.
Users have to login first to like a page, so Facebook will come up with their regular Login popup, which works like a charm. When the user logged in, the page is liked (since they clicked the "Like"-button) and the user should be logged out again (since no-one wants to be logged in on a public computer). The page should reload after that.
Now this is possible with the Javascript API from Facebook. They have an event listener that calls a function when a user likes a page. I just have to call FB.logout() when that event triggers :) .
Unfortunatly, it isn't working for me. I could be very dumb, or the Facebook API is bugged.
My code:
window.fbAsyncInit = function() {
FB.Event.subscribe('edge.create', function(response) {
FB.logout(function(response) {
window.location.reload();
});
});
}
But this doesn't work, and I think the problem lies in the Login part from Facebook.
Does anyone has any experience with this? It should be very simple, but I can't get it to work...
Some things I have tried:
Prompt a normal login - Possible, but it says that my app needs access to some information. Really the only thing I want to do is get users to like a page.
setTimeout loop - Tried this, but the Facebook Login seems to stop Javascript as a whole on my page?
EDIT: I know that it is a bad idea for people to insert their credentials into a public computer, but the customer wants it this way. There is also a QR-code which links to the Facebook page, but that doesn't solve my problem :) .
TL;DR: Facebook Javascript callback from the "Like"-button works when a user is Logged in, but fails when a user has to log-in via the Facebook pop-up.
Unfortunatly, it isn't working for me. I could be very dumb, or the Facebook API is bugged.
Nope. The problem lies in your approach, resp. the concept.
FB.logout only works with an active access token (since otherwise, any site I visit on the net could log me out of Facebook, and that would be hugely annoying).
But since the user does not connect to your app, you don’t have an access token.
Prompt a normal login - Possible, but it says that my app needs access to some information.
That is the only way you will get an access token, and since the only way you can use FB.logout.
(And if the user logs in to Facebook, but then denies connecting to your app, again you will not have an access token, so you can’t log them out in that case either.)