CODEWITHSUNDEEP
javascriptgoogle-oauth
dragonmnl
dragonmnl

Reputation: 15558

How to revoke Oauth token by using Google's Javascript APIs?

In my (client-side AngularJS) web application I use Google API's Oauth to let the user sign-in

        gapi.auth.authorize({
            client_id: clientId,
            scope: scopes,
            immediate: true 
        }, handleAuthResult);

Now I want to let the user signout as well.

I found that I can do it by using an HTTP request as explained in:

https://developers.google.com/+/web/signin/disconnect

However since I'm using Javascript APIs for sign-in, I would like to use Javascript also for logout (i.e. revoking access token).

Is it possible? If yes, how?

EDIT : I precise that my goal is not to use an HTTP request via jQuery but something more alike the login, for example :

gapi.auth.signout (..

Upvotes: 0

Views: 1515

Answers (1)

pinoyyid
pinoyyid

Reputation: 22306

The Google GAPI library doesn't have such a method. If you're jQuery averse, it's not too difficult to replace $.ajax with XMLHttprequest.

Make sure you understand the difference between "signing out" (of your Google Account) and revoking an access token. They are not the same thing.

On sessions, a typical sequence is:-

1/ check your session object to see if it is holding a user object.

1a/ If yes, your user is "logged in"

1b/ If no, use OAuth to discover who the user is, look him up in your user database, and store his user object in your session

To logout, simply remove the user object from your session.

There are many variations and alternatives to this technique for user/session management in an OAuth world. This is just one approach.

Upvotes: 2

Related Questions