Explore our sites

Stack Exchange
tour help careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 1 down vote favorite

My application is integrated with Facebook, Google and Microsoft (using OAuth).

To logout from facebook I'm using the following URL:

https://www.facebook.com/logout.php?next=[YourAppURL]&access_token=[ValidAccessToken]

Is there something similar for Google and for Microsoft?

For Google I tried:

https://accounts.google.com/Logout?continue=http://localhost:51820

But it didn't work... It returns: The page you requested is invalid.

How can I get that URL logout?

share|improve this question
 
Do you use OAuth for client-side (only JavaScript integration) or server-side (with the access codes and token exchange on your server)? Note that for server-side case, it is wrong to expose access-token to the client-side. Facebook provides no proper way to logout users who where authorized via server-side. –  Vilmantas Baranauskas Jun 12 '13 at 14:02
add comment

2 Answers

up vote 2 down vote accepted

I finally got the right links:

  • Facebook:

https://www.facebook.com/logout.php?next=[YourAppURL]&access_token=[ValidAccessToken]

Source: A Working Facebook OAuth Logout URL

  • Google:

https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=[http://www.mysite.com]

Source: google account logout and redirect

  • Microsoft:

https://login.live.com/oauth20_logout.srf?client_id=[CLIENT_ID]&redirect_uri=[REDIRECT_URL]

Source: Server-side scenarios

Those links can be use like that in JavaScript:

function logout (){
document.location.href = "https://www.facebook.com/logout.php?next=[YourAppURL]&access_token=[ValidAccessToken]";
}

Suggestion to implement this: Logout from external login service (Gmail, facebook) using oauth

share|improve this answer
 
hi @amp tried with your Google sample it works fine! Do u have same for LinkedIn account...? –  SHEKHAR SHETE Oct 25 '13 at 13:28
add comment
up vote 1 down vote

You shouldn't be logging the user out of Facebook, Google, etc. You just need to log them out of your app. By redirecting them to accounts.google.com/Logout you're actually logging the user out of their Google account, which means if they also had Gmail open in another tab (say) they'd also be logged out of that. Similarly, if you redirect them to www.facebook.com/logout.php you're actually logging them out of Facebook, which means if they had Facebook open in another tab, they would be logged out of there as well.

Instead, all you should do, when the user logs out of your app, is "forget" the OAuth tokens.

share|improve this answer
 
I know that, but I'm asking first if they really want logout from the provider. This could be useful, for instance, in a public computer. –  amp Jun 12 '13 at 8:28
1  
Actually facebook states it in their policies that you MUST logout users from facebook as well if you offer "logout" button on your application. Unfortunately, they do not provide a correct way to do this if users have been authorized on the server-side. –  Vilmantas Baranauskas Jun 12 '13 at 14:04
add comment

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.