Reputation: 8001
Django OAuth Toolkit how to log the user out
I have set up Django OAuth Toolkit in my project where the authorization server is separate from the application server (i.e accounts.example.com and app.example.com). App server redirects to accounts server using authorize flow; the user inputs credentials to sign in to auth server, then auth server redirects the user back to application; so that the app can retrieve tokens.
The above flow currently works as expected. If I do not click explicitly Log out the user and the application signs out (e.g session expires or browser cookies are cleared), the above flow will be performed again and there won't be a need for credentials because auth server still knows who is signed it.
However, I am having trouble with explicitly logging the user out of the application. If a user explicitly clicks login, firstly, the token must be revoked and secondly, the auth server must sign out. What is the proper way to achieve this? As far as I am concerned, I won't be able to use Ajax to log out the user because the session must be destroyed in auth server.
So, I have been thinking of redirecting the user to accounts.example.com/signout?token=${accessToken}&client_id=${clientID}. However, I am not sure if this is the right approach. Is this how these sign out requests work with OAuth? Does that mean that when I sign out from the system, I need to always provide Access Token and Client ID?
Upvotes: 2
Views: 733
Answers (0)
Related Questions
- django-oauth-toolkit logout issue with not prompting the user for username/password every time
- How to logout in django?
- How to force a user logout in Django?
- How to logout from Django with custom user model and custom logout view?
- How can I logout a user in Django?
- How to log a user out in django (without the request)
- How to logout an inactive user in django?
- How do i programmatically logout user?[Django]
- Trouble logging out user in Django
- Django login/logout