Google logout using api javascript/jquery

Parasignals · Feb 6, 2013 · Viewed 8.2k times

In my web application, I allow users to log in using the auth command in the API Client Library, but I cannot find a logout option for the Google API JavaScript Client Library.

Can anyone suggest how I can log out of my application as well as the Google account?

My Login Code is:

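var OAUTHURL = 'https://accounts.google.com/o/oauth2/auth?';
var VALIDURL = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=';
var SCOPE = 'https://www.googleapis.com/auth/userinfo.profile';
// googleAPI and redirectUrl are set elsewhere on the page (not shown).
var CLIENTID = googleAPI;
var REDIRECT = redirectUrl;
var TYPE = 'token';
// URL-encode each value so the scope and redirect URI survive as single parameters.
var _url = OAUTHURL + 'scope=' + encodeURIComponent(SCOPE) +
    '&client_id=' + encodeURIComponent(CLIENTID) +
    '&redirect_uri=' + encodeURIComponent(REDIRECT) +
    '&response_type=' + TYPE;
var acToken;
var tokenType;
var expiresIn;
var user;

$('#googleLogin').click(function () {
    var win = window.open(_url, "windowname1", 'width=800, height=600');

    // Poll the popup until it has been redirected back to our own origin.
    var pollTimer = window.setInterval(function () {
        if (!win || win.closed) {
            // Popup was blocked or closed before finishing; stop polling.
            window.clearInterval(pollTimer);
            return;
        }
        var url;
        try {
            url = win.document.URL;
        } catch (e) {
            // Reading the URL throws while the popup is still on
            // accounts.google.com (cross-origin); try again on the next tick.
            return;
        }
        if (url.indexOf(REDIRECT) != -1) {
            window.clearInterval(pollTimer);
            // gup(url, name) extracts a parameter from the URL (not shown).
            acToken = gup(url, 'access_token');
            tokenType = gup(url, 'token_type');
            expiresIn = gup(url, 'expires_in');
            win.close();

            validateToken(acToken);
        }
    }, 100);
});

function validateToken(token) {
    $.ajax({
        url: VALIDURL + encodeURIComponent(token),
        data: null,
        success: function (responseText) {
            // Continue only if the token is valid and was issued to this client ID.
            if (!responseText.error && responseText.audience === CLIENTID) {
                getUserInfo(); // defined elsewhere on the page (not shown)
            }
        },
        dataType: "jsonp"
    });
}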

Answer

Dan Holevoet · Feb 6, 2013

Do not log your users out of their Google Account when they sign out of your application. This behavior is unexpected and annoying to users.

You should, at most, be trying to figure out how to "log out" users of your application. (I put it in quotes, because depending on your implementation, the app might be faking it).

If you care only about hiding elements in the UI, you can set a variable, e.g. signedIn, and set or unset it when the user hits a login/logout button. If you care about persisting this state across sessions, use a cookie that stores the same value.

If you want to make sure the person on the other side of the keyboard is really the signed-in user, you can use the max_auth_age parameter on the authorize call. If you set it to 0, users will need to re-authenticate with Google before your app gets a valid token. If you pair this with an automatic session expiration (like you'd see on a bank or health website), you can be relatively confident of the identity of the current user.
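
An added example, not part of the answer above and not Google's code, of the app-local sign-out it describes: the app drops its own token and state, expires idle sessions, and requests max_auth_age=0 on the next login. The names createAppSession and buildAuthUrl, the idle limit, and the injected clock are assumptions made for illustration; max_auth_age is used as named in the answer.

```javascript
// Added example: hypothetical helpers, not from the question or the answer.
var AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/auth?';

// Build the authorize URL with every value URL-encoded. forceReauth adds
// max_auth_age=0 so Google re-prompts before issuing a new token.
function buildAuthUrl(opts) {
  var params = new URLSearchParams({
    scope: opts.scope,
    client_id: opts.clientId,
    redirect_uri: opts.redirectUri,
    response_type: 'token'
  });
  if (opts.forceReauth) params.set('max_auth_age', '0');
  return AUTH_ENDPOINT + params.toString();
}

// App-local session. Signing out discards our copy of the access token and
// the signed-in state; the user's Google session is left untouched.
function createAppSession(idleLimitMs, now) {
  now = now || Date.now;               // injectable clock (assumption, for testing)
  var token = null, tokenExpiresAt = 0, lastActivity = 0, needsReauth = false;

  function expired() {
    var t = now();
    return t >= tokenExpiresAt || t - lastActivity >= idleLimitMs;
  }
  function signOut() {
    token = null;
    tokenExpiresAt = 0;
    needsReauth = true;                // next login should pass forceReauth
  }
  return {
    signIn: function (accessToken, expiresInSec) {
      token = accessToken;
      tokenExpiresAt = now() + expiresInSec * 1000;
      lastActivity = now();
      needsReauth = false;
    },
    // Call on user activity; an already expired session is not revived.
    touch: function () { if (token && !expired()) lastActivity = now(); },
    isSignedIn: function () {
      if (token && expired()) signOut(); // automatic session expiration
      return token !== null;
    },
    signOut: signOut,
    mustReauthenticate: function () { return needsReauth; }
  };
}
```
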