如何通过gem OmniAuth Facebook / Twitter注销社交网站
[英]How to log out social sites via gem OmniAuth Facebook/Twitter
问题描述
I am using omniauth-facebook and omniauth-twitter gems to enable log in via Facebook, Twitter. 
我正在使用omniauth-facebook和omniauth-twitter gems来启用通过Facebook,Twitter登录。
Everything works fine, I am able to authenticate user using OAuth . 一切正常,我能够使用OAuth验证用户。 The BIG problem here is that when user is signed out from my application, it doesn't log out from the social site that they authenticated from, which is dangerous. 这里的BIG问题是,当用户从我的应用程序注销时,它不会从他们认证的社交网站注销,这很危险。
I would like to add a functionality that will destroy the session in both places ie, my application and the corresponding social site. 我想添加一个功能,将破坏两个地方的会话,即我的应用程序和相应的社交网站。 How do I do that? 我怎么做? Is it possible using the omniauth gems that I am currently using? 是否可以使用我目前使用的omniauth gems ? Or is there an alternative gem/API available to achieve this? 或者是否有可用于实现此目的的替代gem / API?
1 个解决方案
解决方案1
3 2014-03-14 09:05:50
It seems to me that the problem is we don't know the user's intent. 在我看来,问题是我们不知道用户的意图。 If the user logs out from your app and they don't have other tabs open with Facebook and then they walk away from the computer thinking they're all done but leave the browser open, then yes, that would be bad. 如果用户从您的应用程序注销并且他们没有其他标签打开Facebook,然后他们离开计算机,认为他们已经完成但是让浏览器打开,那么是的,这将是糟糕的。 On the other hand, if they have another tab which is on Facebook, if they log out of your app and then switch to the other tab expecting to carry on using Facebook, they'll be annoyed. 另一方面,如果他们在Facebook上有另一个标签,如果他们退出你的应用程序,然后切换到期望继续使用Facebook的其他标签,他们将会生气。 You could argue that annoying people is better than leaving them logged in to Facebook unwittingly - I'd generally agree! 你可能会说,讨厌的人比让他们不知不觉地登录Facebook更好 - 我一般都同意!
I don't know of a nice/official way to do this if you're handling the login flow server-side. 如果您正在处理登录流服务器端,我不知道这样做的好/官方方式。 Some suggest building a normal Facebook url - see https://stackoverflow.com/a/8765863 - and I guess you could redirect to that and make it redirect back if that approach still works (it's an old answer), but it feels brittle as the user implies. 有人建议建立一个正常的Facebook网址 - 请参阅https://stackoverflow.com/a/8765863 - 我想你可以重定向到那个并重新定向,如果这种方法仍然有效(这是一个老答案),但它感觉很脆弱正如用户所暗示的那样
If you're using the javascript api, there's the FB.logout function: 如果你使用的是javascript api,那就是FB.logout函数:
https://developers.facebook.com/docs/reference/javascript/FB.logout/ https://developers.facebook.com/docs/reference/javascript/FB.logout/
and/or the auto-display of a logout button instead of the login button using the auto_logout_link parameter: 和/或使用auto_logout_link参数自动显示注销按钮而不是登录按钮:
https://developers.facebook.com/docs/plugins/login-button/ https://developers.facebook.com/docs/plugins/login-button/
One option which covers both user intent scenarios is to have your normal logout button which obviously kills your app's session and when they click it, redirect to a page which has a "Logout from Facebook?" 涵盖用户意图场景的一个选项是使用正常的注销按钮显然会杀死应用程序的会话,当他们点击它时,重定向到一个“从Facebook注销?”的页面。 button - perhaps using the javascript login button with the auto_logout_link parameter. 按钮 - 可能使用带有auto_logout_link参数的javascript登录按钮。 Then they can logout from Facebook if they're done with the computer, or choose not to click it if they have Facebook open in another tab and want to continue using it. 然后,如果他们已完成计算机,他们可以从Facebook注销,或者如果他们在另一个选项卡中打开Facebook并且想继续使用它,则选择不点击它。
As I'm sure you know, omniauth-facebook supports both server-side and client-side login flows. 我相信你知道,omniauth-facebook支持服务器端和客户端登录流程。
I'm not sure if an equivalent is possible with omniauth-twitter - I don't have experience with it. 我不确定omniauth-twitter是否可以使用它 - 我没有相关经验。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.