Android oauth2 logout from Facebook/Google

Android oauth2 logout from Facebook/Google

bianghouse
Hi, I'd like to know if there's a way to perform a logout or revoke access from social providers.
I'm currently using Android Authorization (OAuth2) to connect my app to social-platforms.
Taking a look at the AuthzModule interface, it declares the following methods:

    public boolean isAuthorized();
    public boolean hasCredentials();
    public void requestAccess(Activity activity, Callback<String> callback);
    public boolean refreshAccess();
    public void deleteAccount();

I tried the deleteAccount() method with no luck; when I try to log in with a new user, no OAuthWebViewDialog appears and my app redirects to a successful login with the old credentials.

Thanks in advance.
M.

Re: [aerogear-dev] Android oauth2 logout from Facebook/Google

Summers Pittman


On Sat, Feb 13, 2016 at 4:12 AM, bianghouse <[hidden email]> wrote:
> Hi, I'd like to know if there's a way to perform a logout or revoke access
> from social providers.
> I'm currently using Android Authorization (OAuth2) to connect my app to
> social-platforms.
> Taking a look at the AuthzModule interface, it declares the following methods:
>
>     public boolean isAuthorized();
>     public boolean hasCredentials();
>     public void requestAccess(Activity activity, Callback<String> callback);
>     public boolean refreshAccess();
>     public void deleteAccount();
>
> I tried the deleteAccount() method with no luck; when I try to log in with
> a new user, no OAuthWebViewDialog appears and my app redirects to a
> successful login with the old credentials.


The answer is "it's complicated". `deleteAccount` removes the account information from what Aerogear knows about, but your WebView or web browser (if you use an intent) may still know about your authorizations. When we request a token from the WebView/Browser, it will use its cached credentials to log in and fetch the token.

You can confirm that you are logged out by trying to make a call using your pipe. You should get a failure.

It looks like we could, as part of delete account with the WebView AuthzModule, clear the cookies.

I've created an issue to track this here: https://issues.jboss.org/browse/AGDROID-521

> Thanks in advance.
> M.



--
View this message in context: http://aerogear-dev.1069024.n5.nabble.com/Android-oauth2-logout-from-Facebook-Google-tp12348.html
Sent from the aerogear-dev mailing list archive at Nabble.com.
_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev
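
The reply above attributes the silent re-login to session state kept by the WebView after `deleteAccount`. The following is an added example, not part of the thread and not AeroGear code, showing one way an app could clear its own WebView cookies and storage with the standard Android APIs; the class name `WebViewSessionCleaner` and the `Done` callback are hypothetical names chosen for illustration.

```java
import android.content.Context;
import android.os.Build;
import android.webkit.CookieManager;
import android.webkit.CookieSyncManager;
import android.webkit.ValueCallback;
import android.webkit.WebStorage;

/** Hypothetical helper (not an AeroGear class): wipes the app's WebView session state. */
public final class WebViewSessionCleaner {

    /** Hypothetical callback, invoked once the cookie store has been cleared. */
    public interface Done {
        void onCleared(boolean cookiesRemoved);
    }

    private WebViewSessionCleaner() { }

    /**
     * Clears cookies and DOM storage for every site loaded in this app's WebViews,
     * not only the OAuth2 provider. Call from the main thread.
     */
    public static void clear(Context context, final Done done) {
        // localStorage / Web SQL kept by provider login pages.
        WebStorage.getInstance().deleteAllData();

        final CookieManager cookies = CookieManager.getInstance();
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
            // Asynchronous on API 21+; flush() persists the now-empty store to disk.
            cookies.removeAllCookies(new ValueCallback<Boolean>() {
                @Override
                public void onReceiveValue(Boolean removed) {
                    cookies.flush();
                    done.onCleared(Boolean.TRUE.equals(removed));
                }
            });
        } else {
            // Pre-Lollipop: synchronous removal, persisted through CookieSyncManager.
            CookieSyncManager.createInstance(context);
            cookies.removeAllCookie();
            CookieSyncManager.getInstance().sync();
            done.onCleared(!cookies.hasCookies());
        }
    }
}

// Intended order in the app (deleteAccount/requestAccess are the methods quoted in the thread):
//   authzModule.deleteAccount();
//   WebViewSessionCleaner.clear(context, callback);   // then call requestAccess(...) from the callback
```

This only affects the app's own WebView store; a provider session held by an external browser opened through an intent is left untouched.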

