django-allauth socialaccount "full" logout?

Question

I am working on what might become a sort-of kiosk app. I am new to python and django but it is rolling along. My allauth flow for signup uses either a social login (Google for the moment) or a "local" email address & password.

If I login with a Google account then logout I am redirected to the sign-in page, cool. The thing is I have not really been logged out of the Google account. If I click the social login link then I am back in the user area with no password challenge.

Does allauth have a way to logout and have the social auth token removed? Do I need to catch the logout signal and find/delete the token myself?

Answer 1

Looks like there is a built-in solution. There is an action parameter that can be given the value "reauthenticate". Being new to this stuff I am not positive that I have added it in the python/django way but I have edited the template:

myProject/templates/allauth/socialaccount/snippets/provider_list.html

and added action=reauthenticate" to the social auth href line a la:

{% load socialaccount %}

{% get_providers as socialaccount_providers %}

{% for provider in socialaccount_providers %}
{% if provider.id == "openid" %}
{% for brand in provider.get_brands %}
<li>
  <a title="{{brand.name}}" 
     class="socialaccount_provider {{provider.id}} {{brand.id}}" 
     href="{% provider_login_url provider.id openid=brand.openid_url process=process action='reauthenticate' %}"
     >{{brand.name}}</a>
</li>
{% endfor %}
{% endif %}
<li>
  <a title="{{provider.name}}" class="socialaccount_provider {{provider.id}}" 
     href="{% provider_login_url provider.id process=process scope=scope auth_params=auth_params %}">{{provider.name}}</a>
</li>
{% endfor %}

That seems to do the trick.