从Google注销后,Google oAuth不会使令牌字符串无效 [英] Google oAuth doesn't invalidate token string after log out from Google
问题描述
我使用Google oAuth登录我的网站.对于登录而言,这是完美的工作方式,但对于注销而言,则行不通.
I use Google oAuth to login my website. This is perfectly works fine for sign in. But it doesn't work for logout.
我在下面做
- 从Google API获取idTokenString
- 与我的会议保持联系
- 针对GoogleIdTokenVerifier的每个请求验证此令牌
当用户执行以下操作时,Google不会使令牌无效,而是会发送成功响应.
When user does below action google doesn't invalidates the token instead it sends success response.
- 已登录Google的用户
- 通过允许访问来访问我的网站
- 用户从google注销
- 用户访问我的网站
- 我的系统发送令牌以对其进行验证.
- Google给了我idToken,因此我的系统允许用户访问我的网站
当用户关闭浏览器并返回时,令牌无效,我的系统不允许这样做.但是,如果不关闭浏览器,它将无法正常工作
When the user closes the browser and come back then the token invalidated and my system doesn't allow. But without closing the browser it doesn't work
推荐答案
这是预期的行为.如果用户要从google中注销,则它也不会从您的应用程序中注销. 但是,如果您要从应用程序中注销用户并希望Google也注销,则可以使用一种解决方法.您只需以编程方式清除浏览器中的所有cookie,或者您可以通过其Google服务注销按钮之一动态构建注销网址,然后在应用程序中使用img元素或脚本标签进行调用.
This is the expected behavior. If user is logging out of the google it will not logout from your application as well. However, there is a work around if you want to logout user from your application and want google to be also logged out. You just have to clear all the cookies from the browser programatically OR you could dynamically build the logout url from one of their Google services logout button, and then invoke that using an img element or a script tag in your application.
<script type="text/javascript"
src="https://mail.google.com/mail/u/0/?logout&hl=en" />
OR
<img src="https://mail.google.com/mail/u/0/?logout&hl=en" />
OR
window.location = "https://mail.google.com/mail/u/0/?logout&hl=en";
这篇关于从Google注销后,Google oAuth不会使令牌字符串无效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
