How to Log User out of an App that uses Google OAu

Published 2019-02-26 03:43

Question:

I've implemented a Google OAuth2 login flow in my web-server app (using python/flask). My app redirects the user to Google, where they sign in with Google credentials and get directed back to my app.

I'm having trouble deciding how to implement the Logout functionality for this app. I can clear the app's session cookies, but that doesn't log the user out of their Google a/c. So if the user hits Login after logging out, the redirect goes to Google and since the user is still signed into Google, they're automatically (without even being prompted to re-enter credentials) signed back in to my app.

This SO answer here seems to give a good overview of why it's bad practice to force the user to log out of all Google services. If that's the only way out, I'll do it, but I'm assuming there's a more elegant solution out there?

FWIW, 'revoking' Google access tokens also doesn't work. My app uses the profile and email scopes for OAuth2 (see this doc). These don't require explicit 'permission-granting' by the user, so there's no such thing as revoking access to these scopes that would force users to be re-prompted at login time.

In case it helps, I used mostly this doc to implement the OAuth2 flow functionality. I could post my code, but (1) it's all in that article, and (2) unless you're unfamiliar with flask/oauth2, it should be irrelevant to answering this question, I think.

Any thoughts would be great, thanks.

Answer 1:

You can refer to the following link to revoke() the token assigned to your app. This will log the user out of your app, but they will remain signed into Google. It's mentioned on the same link you mentioned in your post above.

https://developers.google.com/identity/protocols/OAuth2WebServer#tokenrevoke

Answer 2:

The trick is to add prompt='consent'. There are different places to add it depending on the APIs you are using. Here is one example based on the bookshelf app:

import json, os, httplib2
from flask import Flask, session
from oauth2client.contrib.flask_util import UserOAuth2
app = Flask(__name__)
app.secret_key = os.environ['SECRET_KEY']  # required for Flask sessions
app.config['GOOGLE_OAUTH2_CLIENT_ID'] = os.environ['GOOGLE_OAUTH2_CLIENT_ID']
app.config['GOOGLE_OAUTH2_CLIENT_SECRET'] = os.environ['GOOGLE_OAUTH2_CLIENT_SECRET']
def _request_user_info(credentials):  # bookshelf-style callback run after authorization
    http = credentials.authorize(httplib2.Http())
    _, content = http.request('https://www.googleapis.com/oauth2/v3/userinfo')
    session['profile'] = json.loads(content.decode('utf-8'))
oauth2 = UserOAuth2()
oauth2.init_app(
    app,
    scopes=['email', 'profile'],
    authorize_callback=_request_user_info,
    client_id=app.config['GOOGLE_OAUTH2_CLIENT_ID'],
    client_secret=app.config['GOOGLE_OAUTH2_CLIENT_SECRET'],
    prompt='consent'  # extra kwargs reach the OAuth2 flow; forces the consent screen on every login
)
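Putting Answer 1 (revoke the app's token) and Answer 2 (a `prompt` value that stops Google silently re-issuing a session) together, here is an added example that is not part of the question or either answer. It is framework-agnostic: `session` is any dict-like object, the endpoint URLs are Google's documented ones, and the HTTP POST is injected so the functions can run offline; it also goes beyond the page's `prompt='consent'` by accepting Google's other documented values.

```python
from urllib.parse import urlencode
from urllib.request import Request, urlopen

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
REVOKE_ENDPOINT = "https://oauth2.googleapis.com/revoke"
SUPPORTED_PROMPTS = ("none", "consent", "select_account")


def build_auth_url(client_id, redirect_uri, state, prompt="consent"):
    """Build the Google authorization URL.

    Clearing the app session does not end the user's Google session, so a
    plain redirect would sign them straight back in. `prompt=consent` forces
    the consent screen; `prompt=select_account` forces the account chooser.
    """
    if prompt not in SUPPORTED_PROMPTS:
        raise ValueError("unsupported prompt value: %r" % prompt)
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "openid email profile",
        "state": state,  # anti-CSRF value; must be checked on the callback
        "prompt": prompt,
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)


def _post_form(url, data):
    """Real form-encoded POST, used when no test double is injected."""
    req = Request(url, data=urlencode(data).encode(), method="POST")
    with urlopen(req, timeout=10) as resp:
        return resp.status


def logout(session, token, post=_post_form):
    """Log the user out of *this* app only.

    Drops the server-side session and revokes the app's access/refresh token
    at Google's revocation endpoint (HTTP 200 on success). The user stays
    signed in to Google itself, which is the behaviour the question describes.
    """
    session.clear()
    return post(REVOKE_ENDPOINT, {"token": token}) == 200
```
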