以编程方式通过Oauth从Gmail注销 [英] Programmatically logout from Gmail via Oauth

问题描述

我有一个网站，我使用Oauth将用户登录到Gmail，然后检索他们的联系人和其他信息。我需要做些什么来确保当用户注销我的网站时，他也会自动从Gmail登出？

解决方案

这可能是3段OAuth流程的一个缺点。用户必须登录其帐户才能提供同意，但一旦他们提供同意，OAuth流程就会将他们从Gmail中移除。由于用户在登录时提供了不同的思路，以提供同意与登录发送/检查电子邮件，但他们可能没有意识到他们在用户流程返回到OAuth使用者后仍然保持登录状态。

我在Gmail以及Yahoo和WindowsLive中遇到了这个问题。

在没有标准的情况下，我正在考虑修改我的网站上的用户体验，以便让用户更加清楚他们仍然登录到他们的Gmail帐户并将一直如此，直到他们积极退出。此时，我的最佳选择是在我的网站上的Gmail图标旁添加一个注销链接。此退出链接将启动（还）另一个弹出窗口，以导航到Gmail / Yahoo / WindowsLive退出页面。

我并不喜欢这种方式，如果我的退出链接可以在不需要弹出窗口的情况下签出用户，那会更好。 IE我的应用程序会通过点击OAuth签出端点代表用户注销。

不太明确的方法是加载gmail注销页面（https://mail.google.com/mail/u/0/?logout&hl=zh-CN ）在我网站上隐藏的iframe中，当用户点击我的退出链接。这将有我以后的用户体验。

I have a website where I use Oauth to log users into Gmail, and then retrieve their contacts and other info. What do I need to do to ensure that when the user logs-off my website, he automatically logs out from Gmail too?

解决方案

This may be a shortcoming of the 3-legged OAuth flow. The user must sign into their account to provide consent, but once they provide the consent, the OAuth flow takes them away from Gmail. Since users are in a different mind-set when signing in to provide consent vs. signing in to send/check email, they may not realize that they remain signed in after the user flow returns to the OAuth consumer.

I have this issue with Gmail as well as Yahoo and WindowsLive.

In the absence of a standard, I'm considering modifying the user experience on my site to make it more obvious to the the user that they remain signed into their Gmail account and will remain so until they actively sign out. My best option at this point is to add a 'sign out' link beside the Gmail icon on my site. This 'sign out' link will launch (yet) another popup to navigate to the Gmail/Yahoo/WindowsLive Sign Out page.

I'm not in love with this approach, it would be better if my 'sign out' link could sign the user out without requiring a popup window. IE my application would sign out on behalf of the user by hitting an OAuth sign out endpoint.

A less explicit approach would be to load the gmail logout page (https://mail.google.com/mail/u/0/?logout&hl=en) in a hidden iframe on my site, when the user clicks on my 'sign out' link. This would have the UX I'm after.

这篇关于以编程方式通过Oauth从Gmail注销的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！