
How to log out social sites via gem OmniAuth Facebook/Twitter

I am using the omniauth-facebook and omniauth-twitter gems to enable login via Facebook and Twitter.

Everything works fine; I am able to authenticate users using OAuth. The BIG problem here is that when a user is signed out from my application, it doesn't log them out of the social site they authenticated with, which is dangerous.

I would like to add functionality that will destroy the session in both places, i.e., my application and the corresponding social site. How do I do that? Is it possible using the omniauth gems that I am currently using? Or is there an alternative gem/API available to achieve this?

It seems to me that the problem is we don't know the user's intent. If the user logs out from your app and they don't have other tabs open with Facebook and then they walk away from the computer thinking they're all done but leave the browser open, then yes, that would be bad. On the other hand, if they have another tab which is on Facebook, if they log out of your app and then switch to the other tab expecting to carry on using Facebook, they'll be annoyed. You could argue that annoying people is better than leaving them logged in to Facebook unwittingly - I'd generally agree!

I don't know of a nice/official way to do this if you're handling the login flow server-side. Some suggest building a normal Facebook url - see https://stackoverflow.com/a/8765863 - and I guess you could redirect to that and make it redirect back if that approach still works (it's an old answer), but it feels brittle as the user implies.

If you're using the JavaScript API, there's the FB.logout function:

https://developers.facebook.com/docs/reference/javascript/FB.logout/

and/or the auto-display of a logout button instead of the login button using the auto_logout_link parameter:

https://developers.facebook.com/docs/plugins/login-button/

One option which covers both user intent scenarios is to have your normal logout button which obviously kills your app's session and, when they click it, redirect to a page which has a "Logout from Facebook?" button - perhaps using the JavaScript login button with the auto_logout_link parameter. Then they can log out from Facebook if they're done with the computer, or choose not to click it if they have Facebook open in another tab and want to continue using it.

As I'm sure you know, omniauth-facebook supports both server-side and client-side login flows.

I'm not sure if an equivalent is possible with omniauth-twitter - I don't have experience with it.
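The two-step logout the answer above proposes, as an added example that is not part of the question, the answer, or either omniauth gem. It is a Rack-style handler that runs with only the Ruby standard library: an in-memory store stands in for the Rails session, the cookie name `app_sid`, the paths `/logout` and `/logged_out`, and the `FB_APP_ID` / `FB_API_VERSION` placeholders are all assumptions to be replaced. Step 1 destroys only the application's own session (which, as the question observes, tells Facebook nothing); step 2 serves a page that offers `FB.logout`, and the `auto_logout_link` login button, only when the JS SDK reports the user is still connected, since `FB.logout` does nothing otherwise.

```ruby
# Added example (not from the question, the answer, or the omniauth gems).
# Assumptions: in-memory SessionStore instead of the Rails session; cookie
# name, paths and the two FB_* placeholders are invented for illustration.
require 'securerandom'
require 'cgi'

FB_APP_ID      = 'YOUR_FACEBOOK_APP_ID'  # placeholder (assumption)
FB_API_VERSION = 'v19.0'                 # placeholder (assumption)
COOKIE_NAME    = 'app_sid'

# Server-side session store. Destroying a session here ends the user's
# session in *our* app only; Facebook's own session is untouched.
class SessionStore
  def initialize
    @sessions = {}
  end

  # Fresh, unguessable id per login (never reuse a pre-login id).
  def create(attrs)
    sid = SecureRandom.hex(32)
    @sessions[sid] = attrs.dup
    sid
  end

  def fetch(sid)
    @sessions[sid]
  end

  # Returns true if a session was actually removed.
  def destroy(sid)
    !@sessions.delete(sid).nil?
  end
end

# Parses a "k=v; k2=v2" Cookie header into a hash.
def parse_cookies(header)
  return {} if header.nil? || header.empty?
  header.split(/;\s*/).each_with_object({}) do |pair, h|
    k, v = pair.split('=', 2)
    h[k] = v
  end
end

# Step 1: our own logout (POST, so a cross-site GET cannot log users out).
# Destroy the server-side session, expire the cookie, then send the user
# to the page that offers the Facebook logout.
def app_logout(env, store)
  sid = parse_cookies(env['HTTP_COOKIE'])[COOKIE_NAME]
  store.destroy(sid) if sid
  [302,
   { 'Location'   => '/logged_out',
     'Set-Cookie' => "#{COOKIE_NAME}=; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax" },
   ['']]
end

# Step 2: a page that *asks* whether to log out of Facebook too. The button
# is revealed only if FB.getLoginStatus says the user is connected to our
# app, because FB.logout is a no-op otherwise.
def logged_out_page
  app_id  = CGI.escapeHTML(FB_APP_ID)
  version = CGI.escapeHTML(FB_API_VERSION)
  html = <<~HTML
    <!DOCTYPE html>
    <html><body>
    <p>You are logged out of this application.</p>
    <div id="fb-root"></div>
    <div class="fb-login-button" data-auto-logout-link="true"></div>
    <button id="fb-logout" hidden>Logout from Facebook?</button>
    <script>
      window.fbAsyncInit = function () {
        FB.init({ appId: '#{app_id}', version: '#{version}', xfbml: true });
        FB.getLoginStatus(function (r) {
          if (r.status === 'connected') {
            document.getElementById('fb-logout').hidden = false;
          }
        });
      };
      document.getElementById('fb-logout').addEventListener('click', function () {
        FB.logout(function () { window.location.href = '/'; });
      });
    </script>
    <script async defer src="https://connect.facebook.net/en_US/sdk.js"></script>
    </body></html>
  HTML
  [200, { 'Content-Type' => 'text/html; charset=utf-8' }, [html]]
end

# Rack-style dispatcher: env hash in, [status, headers, body] out.
def handle_request(env, store)
  case [env['REQUEST_METHOD'], env['PATH_INFO']]
  when ['POST', '/logout']    then app_logout(env, store)
  when ['GET', '/logged_out'] then logged_out_page
  else [404, { 'Content-Type' => 'text/plain' }, ['not found']]
  end
end

if __FILE__ == $PROGRAM_NAME
  store = SessionStore.new
  sid = store.create('provider' => 'facebook', 'uid' => 'example-uid')  # constructed
  status, headers, = handle_request({ 'REQUEST_METHOD' => 'POST', 'PATH_INFO' => '/logout',
                                      'HTTP_COOKIE' => "#{COOKIE_NAME}=#{sid}" }, store)
  puts "#{status} -> #{headers['Location']}; session gone: #{store.fetch(sid).nil?}"
end
```

The page after `/logout` intentionally needs no application session, so it still renders once the cookie is gone, and the user who has Facebook open in another tab can simply leave without clicking. Note that `FB.logout` logs the user out of Facebook itself, not only out of your app, which is exactly the behaviour the question wants but also why it should stay behind an explicit click.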
