In my (client-side AngularJS) web application I use Google API's OAuth to let the user sign in:

        gapi.auth.authorize({
            client_id: clientId,
            scope: scopes,
            immediate: true 
        }, handleAuthResult);

Now I want to let the user sign out as well.

I found that I can do it by using an HTTP request as explained in:

https://developers.google.com/+/web/signin/disconnect

However, since I'm using JavaScript APIs for sign-in, I would like to use JavaScript also for logout (i.e. revoking access token).

Is it possible? If yes, how?

EDIT: To be precise, my goal is not to use an HTTP request via jQuery but something more like the login, for example:

gapi.auth.signout (..

I'm a bit confused. You want "to use Javascript also for logout (i.e. revoking access token)." and the page you linked to has just such a JavaScript example. –  pinoyyid Apr 1 at 19:57

1 Answer


The Google GAPI library doesn't have such a method. If you're jQuery-averse, it's not too difficult to replace $.ajax with XMLHttpRequest.

Make sure you understand the difference between "signing out" (of your Google Account) and revoking an access token. They are not the same thing.

On sessions, a typical sequence is:-

1/ check your session object to see if it is holding a user object.

1a/ If yes, your user is "logged in"

1b/ If no, use OAuth to discover who the user is, look him up in your user database, and store his user object in your session

To logout, simply remove the user object from your session.

There are many variations and alternatives to this technique for user/session management in an OAuth world. This is just one approach.

thank you for your answer. –  dragonmnl Apr 2 at 11:03
    
Just to be sure I understood correctly: revoking the token basically means logging out the user from my app (not Google), right? Also, can I log in via Google APIs (.auth method) and log out by using Ajax / HTTP request even though they are different message exchanging methods (if I don't misunderstand)? –  dragonmnl Apr 2 at 11:05
    
"revoking the token basically means logging out the user from my app ". No. Tokens are used by REST clients to tell a REST server that they have permission to do something. REST has no concept of being logged-in or logged-out because it's stateless (ie. sessionless). Just how you will log a user out of your service depends on what you meant in the first place by logging him in. I've updated my answer with a common sequence (since comments don't allow formatting) –  pinoyyid Apr 2 at 11:51

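The distinction drawn in the answer and its comments, as an added example that is not part of the original thread: revoking the token and removing the app's own session user are two separate steps, and the local logout must not depend on the revocation succeeding. The endpoint URL, the `session` object and the injectable `send` transport are assumptions, as is the browser being able to read the cross-origin response (if it cannot, the result is reported as `revoked: false`).

```javascript
// Added example, not code from the original post.
// Assumed: Google's OAuth 2.0 revocation endpoint (not named on this page).
const REVOKE_URL = 'https://oauth2.googleapis.com/revoke';

// Default transport: plain XMLHttpRequest, only usable in a browser.
function xhrSend(method, url, headers, body, cb) {
  const xhr = new XMLHttpRequest();
  xhr.open(method, url);
  Object.keys(headers).forEach((k) => xhr.setRequestHeader(k, headers[k]));
  xhr.onload = () => cb(null, xhr.status);
  xhr.onerror = () => cb(new Error('network error or unreadable response'));
  xhr.send(body);
}

// Ask the authorization server to invalidate the token. The token goes in
// the URL-encoded POST body so it stays out of the URL (history, logs).
function revokeToken(accessToken, send, cb) {
  if (typeof accessToken !== 'string' || accessToken === '') {
    return cb(new Error('no access token to revoke'));
  }
  const body = 'token=' + encodeURIComponent(accessToken);
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  send('POST', REVOKE_URL, headers, body, (err, status) => {
    if (err) return cb(err);
    cb(status === 200 ? null : new Error('revocation failed: HTTP ' + status));
  });
}

// Log out of the application: `session` is the hypothetical object holding
// the app's `user` entry. It is cleared even when revocation fails, so a
// network problem never leaves the user "logged in" locally.
function logout(session, accessToken, send, cb) {
  revokeToken(accessToken, send || xhrSend, (err) => {
    delete session.user;
    cb({ loggedOut: !('user' in session), revoked: !err, error: err || null });
  });
}
```

In the browser, the token would come from `gapi.auth.getToken().access_token`, and a caller should surface `revoked: false` to the user, because the token may still be valid on Google's side.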