Reputation: 835
I am new to OAuth 2.0. I have created an API that uses OAuth 2.0 for authentication. Now, I am trying to use the API myself. But I am not sure how I log out a user after they click the logout button. My question is: do I need to delete the access token after they click logout, or remove the user session? I am using the password grant type.
Thanks in advance.
Upvotes: 1
Views: 2746
Reputation: 13669
Server side to do: delete the access_token and refresh_token from the database.
Client side to do: clear the data from localStorage, sessionStorage, or the cookie in the browser.
Upvotes: 0
Reputation: 12942
If you want to not allow the user to use the app before logging in again, you have to delete the access token from the database so the token will be invalid; otherwise, removing the session without the access token will not invalidate the access token. You can try it yourself. Another point: if you are using the password grant type, you are not using a browser, so there should not be any session.
Upvotes: 1
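One way to implement what the two answers above describe (revoking the access and refresh tokens on the server, since clearing client-side storage alone leaves the token valid), as an added Python example that is not part of any answer on this page. `TokenStore`, its methods and the in-memory dictionaries are assumptions standing in for the database a real authorization server would use:

```python
import secrets
import time

# Added example: an in-memory model of a password-grant server's token store
# (assumed; a real server would use a database). It shows why logout must
# revoke the tokens themselves rather than only drop a client-side session.

class TokenStore:
    def __init__(self, access_ttl=3600):
        self.access_ttl = access_ttl
        self.access = {}    # access_token -> {"user", "refresh", "exp"}
        self.refresh = {}   # refresh_token -> {"user", "access"}

    def issue(self, user):
        """Password grant success: mint a linked access/refresh token pair."""
        at, rt = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[at] = {"user": user, "refresh": rt,
                           "exp": time.time() + self.access_ttl}
        self.refresh[rt] = {"user": user, "access": at}
        return at, rt

    def introspect(self, access_token):
        """Resource server check: returns the user only if the token is stored and unexpired."""
        rec = self.access.get(access_token)
        if rec is None or rec["exp"] <= time.time():
            return None
        return rec["user"]

    def revoke(self, token):
        """Logout: delete the token AND its linked counterpart, so neither the
        access token nor a refresh of it survives. Unknown tokens are ignored
        (as RFC 7009 recommends), which keeps revoke idempotent."""
        if token in self.access:
            rt = self.access.pop(token)["refresh"]
            self.refresh.pop(rt, None)
        elif token in self.refresh:
            at = self.refresh.pop(token)["access"]
            self.access.pop(at, None)

def logout_demo():
    """Returns (active after client-only logout, active after revoke, refresh survives)."""
    store = TokenStore()
    at, rt = store.issue("alice")
    # Clearing localStorage or a cookie on the client does nothing server-side:
    # anyone still holding a copy of the token can keep using it.
    active_after_client_logout = store.introspect(at) is not None
    store.revoke(at)
    active_after_revoke = store.introspect(at) is not None
    refresh_survives = rt in store.refresh
    return active_after_client_logout, active_after_revoke, refresh_survives
```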
Reputation: 170
I'm sending GET requests to the addresses "https://accounts.google.com/Logout?continue=http://google.com" to log out from Google, "https://login.live.com/oauth20_logout.srf" to log out from Microsoft, and "https://graph.facebook.com/me/permissions?method=delete" for Facebook. Microsoft additionally needs the redirect_uri and client_id parameters.
I think the token is not valid anymore after this request, but I haven't tested it.
Upvotes: 0