
Programmatically log out from Gmail via OAuth

I have a website where I use OAuth to log users into Gmail, and then retrieve their contacts and other info. What do I need to do to ensure that when the user logs off my website, he is automatically logged out of Gmail too?


As far as I know, there is no logout in OAuth. You simply stop sending tokens between your application and Gmail.


This may be a shortcoming of the 3-legged OAuth flow. The user must sign into their account to provide consent, but once they provide the consent, the OAuth flow takes them away from Gmail. Since users are in a different mind-set when signing in to provide consent vs. signing in to send/check email, they may not realize that they remain signed in after the user flow returns to the OAuth consumer.

I have this issue with Gmail as well as Yahoo and WindowsLive.

In the absence of a standard, I'm considering modifying the user experience on my site to make it more obvious to the user that they remain signed into their Gmail account and will remain so until they actively sign out. My best option at this point is to add a 'sign out' link beside the Gmail icon on my site. This 'sign out' link will launch (yet) another popup to navigate to the Gmail/Yahoo/WindowsLive Sign Out page.

I'm not in love with this approach; it would be better if my 'sign out' link could sign the user out without requiring a popup window, i.e. my application would sign out on behalf of the user by hitting an OAuth sign out endpoint.

A less explicit approach would be to load the Gmail logout page (https://mail.google.com/mail/u/0/?logout&hl=en) in a hidden iframe on my site when the user clicks on my 'sign out' link. This would have the UX I'm after.


Unfortunately, opening an iframe will no longer work in newer browsers.

Google has started blocking requests coming from an iframe (except for the YouTube embed iframes and any other officially supported ones).

http://groups.google.com/group/youtube-api/browse_thread/thread/2d2236731672a098

I had to do a terrible kludge of popping up a window, posting "action_logout" to www.youtube.com (that's where I wanted to log out from), and then closing that popped-up window.

Not terribly happy with it, but it seems to be the only solution so far.
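
The answer above does not say how the iframe requests are blocked; a standard mechanism browsers enforce is the `X-Frame-Options` and CSP `frame-ancestors` response headers. The following is an added example, not code from any of the posts, that models that browser decision so a site can predict whether a provider's sign-out page would render in a hidden iframe; the origins and header values are constructed placeholders.

```javascript
// Added example: would a browser render a response from `targetOrigin` inside
// an iframe on `embedderOrigin`? One level of framing; CSP paths and
// default-port rules are not modelled.
function frameAncestors(csp) {
  // Source list of the frame-ancestors directive, or null when absent.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

function sourceAllows(source, embedder, targetOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "*") return true;
  if (s === "'self'") return embedder.origin === targetOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return embedder.protocol === s; // scheme-source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:]+)(?::(\d+))?$/.exec(s);
  if (!m) return false; // unparseable source matches nothing
  const [, scheme, wildcard, host, port] = m;
  const embedderPort = embedder.port || (embedder.protocol === "https:" ? "443" : "80");
  if (scheme && scheme + ":" !== embedder.protocol) return false;
  if (port && port !== embedderPort) return false;
  return wildcard ? embedder.hostname.endsWith("." + host) : embedder.hostname === host;
}

function canBeFramed(headers, embedderOrigin, targetOrigin) {
  const h = {}; // header names are case-insensitive
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const embedder = new URL(embedderOrigin);
  const sources = frameAncestors(h["content-security-policy"]);
  if (sources !== null) {
    // When present, frame-ancestors takes precedence over X-Frame-Options.
    return sources.some((s) => sourceAllows(s, embedder, targetOrigin));
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return embedder.origin === targetOrigin;
  return true; // nothing recognised (modern browsers ignore ALLOW-FROM)
}

// Constructed sample: a sign-out page that only allows same-origin framing.
const sampleHeaders = { "X-Frame-Options": "SAMEORIGIN" };
console.log(canBeFramed(sampleHeaders, "https://app.example", "https://mail.provider.example")); // false
```

The same headers are what a site sets on its own sign-out endpoint to keep third-party pages from triggering it in a hidden frame.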
