2

I am doing googlre sign in in my app using 

gapi.auth.authorize({
        client_id : clientId,
        scope : scopes,
        immediate : true
    }, handleAuthResult);

I am able to authorize the user ,then i gave a link to gign out the user using this api

gapi.auth.signOut();

it is also signing out the user, but when i refresh the page then it is not asking to sign in again. it is directly loading user account, i want to make it to ask user to again login. Can any body tell me how to do it.

Improve this question
1
  • i was having this problem because i was signing in from an HTTP not an HTTPS page. Commented Dec 17, 2014 at 16:42

2 Answers 2

Reset to default
4

If you are running on localhost, signout will not work.

What you are doing looks like good to me. Perhaps you are missing a check for the user being signed out in your handleAuthResult method. This could be happening because the callback method is going to be triggered even when the user is not signed in. To check this, you should be ensuring that you are getting an access token in your callback before changing the sign in status for your users. Some code to help that will also initialize the Google+ JavaScript API client:

handleAuthResult: function(authResult) {
  gapi.client.load('plus','v1', function(){
    $('#authResult').html('Auth Result:<br/>');
    for (var field in authResult) {
      $('#authResult').append(' ' + field + ': ' +
          authResult[field] + '<br/>');
    }
    if (authResult['access_token']) {
      $('#authOps').show('slow');
      $('#gConnect').hide();
      helper.profile();
      helper.people();
    } else if (authResult['error']) {
      // There was an error, which means the user is not signed in.
      // As an example, you can handle by writing to the console:
      console.log('There was an error: ' + authResult['error']);
      $('#authResult').append('Logged out');
      $('#authOps').hide('slow');
      $('#gConnect').show();
    }
    console.log('authResult', authResult);
  });
},

You can see the demo code working here. If you open your browser's JavaScript console, you will notice the following error message when the user is signed out:

authResult 
...
Object {error: "user_signed_out", 
cookie_policy: "single_host_origin"
error: "user_signed_out"
expires_at: "1388530488"
expires_in: "86400"
g-oauth-window: undefined
g_user_cookie_policy: "single_host_origin"
issued_at: "1388444088"
response_type: "code token id_token gsession"
scope: "https://www.googleapis.com/auth/plus.login 
session_state: "707059cda8acedf0acf31d83c713e9f16f232610..25c4"
status: Object
google_logged_in: true
method: null
signed_in: false
...

If the user is automatically / repeatedly signing out of the site, it's most likely due to a known issue where the cookie store is corrupted. If you are seeing this issue, either open the target page in an incognito window or delete the current cookies, e.g. run the following javascript in the developer console:

var cookies = document.cookie.split(";");

for (var i = 0; i < cookies.length; i++) {
    var cookie = cookies[i];
    var eqPos = cookie.indexOf("=");
    var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
    document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
}
Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

@class - We copy pasted your demo code onto our server and changed the client ID to ours, and when we refresh after a sign out, we get back an auth result with no error, so the user is signed in automatically. Any idea why that would happen for our client id but not yours? Or maybe is it related to something else on our site configuration?
If you are running on localhost, it can affect cookie behavior. Are you running on a server on the web?
We've been mostly testing on localhost. So we should try this on our webserver to make sure?
You're right, works perfectly on our CI build on the webserver. Thanks!
They should add a "gotcha" to the page saying that signing out won't work properly on localhost. Would have saved us a few hours this weekend.
|
0

I tried with @class answer, it still did not work with signOut(), there is no error when we call the gapi.auth.authorize. But I found another way, try to access the link https://accounts.google.com/o/oauth2/revoke?token=authResult['access_token'], this will make you like signout, user need to reaccept the autherize. Althought I am little confused now, which way we should use to signOut();

Improve this answer

2 Comments

Were you testing locally or on a webserver? I was having the same issue on localhost but then tried it on our webserver and it worked fine.
Note that this disconnects the user from your account so any refresh tokens you are using for offline access become invalidated. You probably shouldn't be doing this.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.