如何注销一个应用程序，我使用的OAuth2到登录随着谷歌吗？ [英] How to Logout of an Application Where I Used OAuth2 To Login With Google?

问题描述

在我的应用程序，我实现了谷歌signout使用JSAPI。

In my application, I implemented Google signout using jsapi.

我使用url <一个href=\"https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=xxxxxx\">https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=xxxxxx连接到谷歌，然后<一个href=\"https://www.googleapis.com/plus/v1/people/xxxxxx\">https://www.googleapis.com/plus/v1/people/xxxxxx从谷歌个人资料获取用户数据。

I used the url https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=xxxxxx to connect to Google and then https://www.googleapis.com/plus/v1/people/xxxxxx to get user data from google profile.

现在我需要从谷歌signout用户在从我的应用程序点击一个按钮。我怎么能在JavaScript中实现这一点，或至少它必须每次都问谷歌登录页面，用户迹象

Now I need to signout the user from Google while clicking a button from my application. How can I implement this in JavaScript, or at least it must ask the Google login page every time the user signs in.

我已经试过approval_prompt =力，但似乎并没有被工作。

I have tried approval_prompt=force, but seems not to be working.

推荐答案

我不知道，如果你使用的OAuth登录到堆栈溢出，像登录与谷歌选项，但是当您使用此功能，堆栈溢出只是问谷歌是否知道你是谁：

Overview of OAuth: Is the User Who He/She Says He/She is?:

I'm not sure if you used OAuth to login to Stack Overflow, like the "Login with Google" option, but when you use this feature, Stack Overflow is simply asking Google if it knows who you are:

哟谷歌，这Vinesh家伙声称vinesh.e@gmail.com是他，是真的吗？

"Yo Google, this Vinesh fella claims that vinesh.e@gmail.com is him, is that true?"

如果您已经登录，谷歌会说YES。如果不是这样，谷歌会说：

If you're logged in already, Google will say YES. If not, Google will say:

挂在秒堆栈溢出，我会验证这个家伙，如果他能为他的谷歌帐户输入正确的密码，那么它就是他。

"Hang on a sec Stack Overflow, I'll authenticate this fella and if he can enter the right password for his Google account, then it's him".

当您输入您的密码谷歌，谷歌然后告诉堆栈溢出你是你说你是谁，以及堆栈溢出让您登录

When you enter your Google password, Google then tells Stack Overflow you are who you say you are, and Stack Overflow logs you in.

在此处，开发新的OAuth有时会有点迷糊......谷歌和堆栈溢出，Assembla，Vinesh's-极冷油滑的web应用，都是不同的实体，而谷歌知道在Vinesh很酷的web应用一无所知帐户，反之亦然，除了什么是通过您正在使用访问配置文件信息的API公开。

Here's where developers new to OAuth sometimes get a little confused... Google and Stack Overflow, Assembla, Vinesh's-very-cool-slick-webapp, are all different entities, and Google knows nothing about your account on Vinesh's cool webapp, and vice versa, aside from what's exposed via the API you're using to access profile information.

的当用户注销时，他或她是不是退出的谷歌，他/她将注销您的应用程序，或堆栈溢出，或Assembla，或任何Web应用程序中使用谷歌的OAuth验证用户。的

其实，我可以登录了我所有的谷歌帐户，但仍然可以登录到堆栈溢出。一旦你的应用程序知道用户是谁，那个人可以登录谷歌出来的。谷歌不再需要。

In fact, I can log out of all of my Google accounts and still be logged into Stack Overflow. Once your app knows who the user is, that person can log out of Google. Google is no longer needed.

随着中说，你要问做的是注销用户真的不属于你的服务。想想看这样的：作为一个用户，怎么生气，你认为我会，如果我登录到我的谷歌帐户的5个不同的服务，那么我第一次退出的其中之一，我必须登录到我的Gmail帐户又因为应用程序开发人员决定，当我登录了他的申请，我也应该退出的谷歌？这是怎么回事变老的真快。总之，你的真的不希望这样做 ...

With that said, what you're asking to do is log the user out of a service that really doesn't belong to you. Think about it like this: As a user, how annoyed do you think I would be if I logged into 5 different services with my Google account, then the first time I logged out of one of them, I have to login to my Gmail account again because that app developer decided that, when I log out of his application, I should also be logged out of Google? That's going to get old really fast. In short, you really don't want to do this...

随着中说，如果你的还是做的要注销用户的谷歌，并意识到你很可能会打乱他们的工作流程，你可以动态地从一个构建注销URL的谷歌服务注销按钮，然后调用，使用img元素或脚本标记：

With that said, if you still do want to log a user out of Google, and realize that you may very well be disrupting their workflow, you could dynamically build the logout url from one of their Google services logout button, and then invoke that using an img element or a script tag:

<script type="text/javascript" 
    src="https://mail.google.com/mail/u/0/?logout&hl=en" />

或

<img src="https://mail.google.com/mail/u/0/?logout&hl=en" />

或

window.location = "https://mail.google.com/mail/u/0/?logout&hl=en";

如果您重定向用户到注销页面，或从没有跨域限制的元素调用它，用户将被注销的谷歌。

If you redirect your user to the logout page, or invoke it from an element that isn't cross-domain restricted, the user will be logged out of Google.

请注意，这并不一定意味着用户将被注销的的您的应用中，只有谷歌。 ：）

Note that this does not necessarily mean the user will be logged out of your application, only Google. :)

什么是重要的，你要记住的是，当你退出你的应用程序，你不需要让用户重新输入密码。这是整点！它会验证对谷歌，使用户不必在他或她使用每个Web应用程序一遍又一遍又一遍地输入他或她的密码。这需要一些时间来适应，但要知道，只要用户登录到谷歌，你的应用程序并不需要担心用户是否为他/她说的是谁，他/她。

What's important for you to keep in mind is that, when you logout of your app, you don't need to make the user re-enter a password. That's the whole point! It authenticates against Google so the user doesn't have to enter his or her password over and over and over again in each web application he or she uses. It takes some getting used to, but know that, as long as the user is logged into Google, your app doesn't need to worry about whether or not the user is who he/she says he/she is.

我对你做一个项目，使用使用OAuth的谷歌个人资料的信息相同的实现。我想你正在寻找尝试同样的事情，它真的开始让人们愤怒时，他们不得不一遍遍登录到谷歌了，所以我们停止记录出来的谷歌。 ：）

I have the same implementation in a project as you do, using the Google Profile information with OAuth. I tried the very same thing you're looking to try, and it really started making people angry when they had to login to Google over and over again, so we stopped logging them out of Google. :)

这篇关于如何注销一个应用程序，我使用的OAuth2到登录随着谷歌吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！