Logout with django-social-auth

rookieRailer picture rookieRailer · Jan 25, 2013 · Viewed 10.2k times · Source

I am dabbling a little with django-social-auth using twitter authentication.

I can login.

But, when I try to log out using django.contrib.auth.logout, it doesn't log out.

What's the way to logout?

Thanks.

Answer

Danilo Bargen picture Danilo Bargen · Apr 19, 2013

Are you trying to log out just from the Django app or do you want to "forget" the Twitter access? Usually the twitter auth token is stored for simplified login the next time a user wants to connect to twitter, so the user doesn't have to "accept" the access again.

Django logout

If you just want to logout from the Django auth system, it should be enough to use the django.contrib.auth.views.logout view or to create a custom logout view.

Social auth disconnect

To completely unlink/disconnect a social account, you need to use the disconnect functions in social-auth. You can get the disconnect url using the following template tag:

{% url "socialauth_disconnect" "backend-name" %}

For more information, please refer to http://django-social-auth.readthedocs.org/en/v0.7.22/configuration.html#linking-in-your-templates.

Force approval prompt

Because you've already allowed your app access to the OAuth provider, the auth provider will remember that decision. There are usually two ways to force a confirmation of that access permission:

  • Revoke the access permission in the management console of your auth provider (e.g. disapprove twitter app access).
  • Set an extra OAuth argument that forces the approval prompt. I'm not sure if Twitter provides such a thing, but if you're using Google OAuth2 you can simply add {'approval_prompt': 'force'} to the GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS setting.