gapi.auth.signOut(); not working I'm lost

Question

Below is the code I am using to login with google. I have an element on login.php with id authorize-button. When clicked it logs in just fine.

I have a logout link in my header file. When I click the logout it calls gapi.auth.signOut(); then it destroys session and redirects back to login.php

This happens as far as I can tell but then it just logs the user right back into our site with google. This is a pain as some of our users switch from google to facebook logins.

Thanks in advance for any help.

function handleClientLoad() {
    gapi.client.setApiKey(apiKey);
    window.setTimeout(checkAuth, 1);
}

function checkAuth() {
    gapi.auth.authorize({client_id: clientId, scope: scopes, immediate: true}, handleAuthResult);
}

function handleAuthResult(authResult) {
    var authorizeButton = document.getElementById('authorize-button');


    if (authResult && !authResult.error) {
        //authorizeButton.style.visibility = 'hidden';
        makeApiCall();
    } else {
        //authorizeButton.style.visibility = '';
        authorizeButton.onclick = handleAuthClick;
    }
}

function handleAuthClick(event) {
    gapi.auth.authorize({client_id: clientId, scope: scopes, immediate: false}, handleAuthResult);
    return false;
}

function signOut() {
    gapi.auth.signOut();
}


function makeApiCall() {

    gapi.client.load('oauth2', 'v2', function() {
        var request = gapi.client.oauth2.userinfo.get();

        request.execute(function(logResponse) {

            var myJSON = {
                "myFirstName": logResponse.given_name,
                "myLastName": logResponse.family_name,
                "name": logResponse.name,
                "socialEmailAddress": logResponse.email
            };

            gapi.client.load('plus', 'v1', function() {

                var request = gapi.client.plus.people.get({
                    'userId': 'me'
                });
                request.execute(function(logResponse2) {
                    //alert(JSON.stringify(logResponse));
                    myJSON['profilePicture'] = logResponse2.image.url;
                    myJSON['socialId'] = logResponse2.id;
                    //alert(JSON.stringify(myJSON));
                    $.ajax({
                        type: "POST",
                        url: "includes/login-ajax.php",
                        data: "function=googleLogin&data=" + JSON.stringify(myJSON),
                        dataType: "html",
                        success: function(msg) {

                            if (msg == 1) {

                                //window.location = "settings.php";
                            }
                        }
                    });
                });
            });
        });
    });
}

Answer 1

I came across the same issue today. I have search for solution the whole. The only reliable solution that worked for me is through revoke as explained here

I stored access_token in session which is needed during revoke

Below is my code you may find it useful

      function logout() {
         var access_token = $('#<%=accessTok.ClientID %>').val();
         var provider = $('#<%=provider.ClientID %>').val();
    if (access_token && provider) {
        if (provider == 'GPLUS') {
            var revokeUrl = 'https://accounts.google.com/o/oauth2/revoke?token=' +
                access_token;

            // Perform an asynchronous GET request.
            $.ajax({
                type: 'GET',
                url: revokeUrl,
                async: false,
                contentType: "application/json",
                dataType: 'jsonp',
                success: function (nullResponse) {
                    // Do something now that user is disconnected
                    // The response is always undefined.
                },
                error: function (e) {
                    // Handle the error
                    // console.log(e);
                    // You could point users to manually disconnect if unsuccessful
                    // https://plus.google.com/apps
                }
            });
        }
        else if (provider == 'FB') {
            FB.getLoginStatus(function (response) {
                if (response.status === 'connected') {
                    FB.logout();
                }
            });
        }
    } else {

    }
}

Answer 2

Weird issue, but solved my problem by rendering the signin button (hidden) even if the user is authenticated.

See full question/answer here https://stackoverflow.com/a/19356354/353985

Answer 3

Make sure you have set your cookie-policy to a value other than none in your sign-in button code. For example:

function handleAuthClick(event) {
  gapi.auth.authorize(
    {
      client_id: clientId, 
      scope: scopes, 
      immediate: false, 
      cookie_policy: 'single_host_origin'
    },
    handleAuthResult);
  return false;
}

Note that sign out will not work if you are running from localhost.