使用Google+登录时阻止自动登录 [英] Preventing automatic sign-in when using Google+ Sign-In

问题描述

我正在将Google+登录与我的网站集成在一起，这也使用户可以使用Twitter和Facebook登录.因此，该网站的登录页面上有3个按钮，每个服务都有一个按钮.

I am in the process of integrating Google+ sign in with my site, which also lets users sign in with Twitter and Facebook. The sign in page of the site therefore has 3 buttons, one for each of the services.

在以下情况下，我遇到的问题是

The issue I am having is in the following scenario:

• 用户转到登录页面
• 用户成功使用Google+登录
• 用户退出我的网站(但该帐户仍与G +关联，退出该网站不会断开G +帐户的连接)
• 用户再次访问登录页面
• 在此阶段，呈现使用G +登录"按钮，并自动将用户登录到与G +关联的帐户中，而无需用户单击按钮

问题在于，在重新访问登录页面时，我希望用户可以选择使用其他服务登录，而不是使用G +自动登录.如果用户想使用G +登录，则可以通过单击按钮进行登录-用户将自动登录.

The problem is that on revisiting the sign in page, I want the user to have the option of signing in with another service, rather than automatically being signed in with G+. If the user wants to sign in with G+ then they can do so by clicking the button - the user will then be signed in automatically.

是否可以防止此自动登录按钮呈现?我可以使用data-approvalprompt="force"作为按钮上的属性来模拟它，但是我认为这不是理想的解决方案(用户必须经过确认过程，我希望这样做是可以避免的)

Is it possible to prevent this automatic sign in on button render? I can simulate it by using the data-approvalprompt="force" as an attribute on the button, but I don't think this is an ideal solution (the user then has to go through the confirmation process, which I would ideally would like to prevent)

推荐答案

更新

防止自动登录的最佳方法是使用API​​方法gapi.auth2.getAuthInstance().signOut()，该方法将在调用网站后阻止自动登录. 此处演示.

The best supported way to prevent automatic sign-in is to use the API method gapi.auth2.getAuthInstance().signOut() which will prevent automatic sign-in on your site after it has been called. Demo here.

在演示中，用户离开页面时退出，如以下代码所示:

In the demo, the user is signed out when they leave the page as shown in the following code:

window.onbeforeunload = function(e){
  gapi.auth2.getAuthInstance().signOut();
};

现在，每当用户退出网站(例如，关闭窗口，导航)时，他们都会被注销，并且登录按钮将不会触发登录，直到用户单击它.

Now, whenever the user exits the site (e.g. closes the window, navigates away), they will be signed out and the sign in button will not trigger sign-in until the user clicks it.

我不建议您在自己的实现中执行此操作，而是允许用户在不再希望登录时明确退出.此外，请注意，我的示例是一个演示，您可能不希望这样做想在用户离开您的网站时自动将其注销.

I don't recommend you do this in your own implementation but instead allow the user to explicitly sign out when they no longer desire want to be signed in. Also, please note that my example is a demo, you probably do not want to sign the user out automatically any time they leave your site.

原始帖子

首先，您不应该使用data-approvalprompt ="force"，因为这会导致向应用程序/客户端颁发额外的授权子令牌，并且该令牌旨在用于需要在拥有凭据后重新授权用户的情况下在服务器端丢失了.

First, you should not be using data-approvalprompt="force" as this will cause extra authorized subtokens to be issued to your application / client and is designed to be used in scenarios where the user needs to be reauthorized after credentials have been lost server-side.

其次，您可能不想出现用户需要单击以登录的行为，因为他们已经登录"了自己的Google帐户，并且可能需要登录(或触发登录-再次)，分别针对您的网站.

Second, you probably do not want to have the behavior where the user needs to click to sign in because they are already "signed in" to their Google account and it could be confusing to need to sign in (or trigger sign-in) again, separately, for your site.

如果您确实想执行此操作，则可以对登录按钮执行显式渲染，但不会调用

If you really wanted to do this, you would perform an explicit render for the signin button but would not make the call to gapi.signin.render as documented in the Google+ sign-in documentation until you are aware that the user will not automatically get signed in.

以下代码显示了如何启用登录按钮的显式呈现:

The following code shows how to enable explicit render of the sign-in button:

<script type="text/javascript" src="https://apis.google.com/js/plusone.js">
{"parsetags": "explicit"}
</script>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<head>
<script type="text/javascript">
var token = "";
function onSigninCallbackVanilla(authResponse){
   // in a typical flow, you show disconnect here and hide the sign-in button
}

以下代码显示了如何显式呈现按钮:

The following code shows you how to explicitly render the button:

  <span id="signinButton">
    <button id = "shim" onclick="gapi.signin.go(); $('#shim').hide();">Show the button</button>
    <span
      class="g-signin"
      data-callback="onSigninCallbackVanilla"
      data-clientid="YOUR_CLIENT_ID"
      data-cookiepolicy="single_host_origin"
      data-requestvisibleactions="http://schemas.google.com/AddActivity"
      data-scope="https://www.googleapis.com/auth/plus.login">

    </span>
  </span>  

您传达的有关用户已退出站点的通信方式可能会因站点而异，但是一种方法可能是设置一个cookie，以指示用户的已退出"状态，然后使用此方法作为阻止显式负载的触发条件.当用户访问您的网站并禁用Cookie或使用单独的登录浏览器时，此行为会变得有些棘手.为了解决这个问题，您可以做一些复杂的事情，例如在登录回调上通过XHR从服务器查询用户状态，并假装不知道用户已登录Google +.

How you're communicating that the user is signed out of your site is probably going to vary from site to site, but one approach could be to set a cookie indicating the "signed out" state for a user and then using this as the trigger for blocking explicit load. The behavior gets a little trickier when a user visits your site and has disabled cookies or uses a separate, signed-in, browser. To address this, you could do something complicated like querying the user state from your server over XHR on the sign-in callback and pretending not to know the user is signed in to Google+.

这篇关于使用Google+登录时阻止自动登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！