I'm using the Facebook login with Koala for my RoR web application.
I'm using Clearance authentication, and when user logs in with Facebook I'm recognizing the site existing user or subscribing a new user.
I am having an issue with logging out:
I'm trying to logout of the site without logging out of Facebook.
As I understood from the FB API, I should use the url for logging out:
"https://www.facebook.com/logout.php?next=#{sign_in_url}&access_token=#{access_token}".
When directing to that URL it seems like cookies changed, but then on the sign_in page when getting to the parse facebook cookies part (for checking if user logged in to facebook), the
oauth.get_user_from_cookies(cookies)
returns:
OAuthException: Code was invalid or expired. The session is invalid because the user logged out
Like it deletes the whole session instead of just change the cookies...?
* I checked and the cookie fbsr_... still exists! shoudln't it be changed to fbs_...?!
I would appreciate help on this.
Thanks a lot!
Moozly.
Related
I have an ruby on rails application that uses devise and omniauth-twitter gem to handle user management and authenication. Users can only login through twitter. I already have the application authenticating, however I would like to allow users to write a tweet; and if they are not logged in, authenticate through twitter then have the tweet they wrote before the authentication post to twitter.
I was wondering what is the best way to go about doing that?
Can I capture a request if a user is not logged in, log them in, then preform the captured request?
Just not sure how to go about doing this.
Thanks.
I have a RoR app using omniauth. I want to allow the user to log out so that they can sign in with a different Facebook user, but no matter what I do, once a user logs into FB, it keeps them logged in.
I have tried:
https://www.facebook.com/logout.php?next=&access_token=
To no avail. I also tried the reauth option for omniauth-facebook but that resulted in the user being brought to FB rather than to my specified redirect URL.
Its easy, add this to your javascript initialization code: (after FB.init)
FB.logout(function(response) {
FB.Auth.setAuthResponse(null, 'unknown');
setTimeout('document.location.reload()',0);
});
And the button of sign out:
Logout
Using the approach https://www.facebook.com/logout.php?next=&access_token= will make your user leave your page, as facebook won't redirect to your website again.
I hope this will solve your problem.
I have implemented Sign in with Twitter on my web site using DotNetOpenAuth lib using asp.net mvc 3.
My problem is that every time the user click Sign-in with twitter it redirects him to a twitter page (even if he is already logged in to twitter).
I saw that sites like www.pinterest.com avoids this somehow.
How can I avoid the redirect to Twitter sign-in page if the user is already logged in to twitter?
This is called Sign in with Twitter. Redirect users to https://api.twitter.com/oauth/authenticate?oauth_token=xyz instead of https://api.twitter.com/oauth/authorize?oauth_token=xyz. If the user is has an active session with twitter.com and has previously authorized the application they will silently be redirected to the callback url.
I built authorization to Ruby on Rails application using omniauth and facebook. Unfortunately after logout from facebook, user is still logged in to Rails app.
How do I know that user was logged out from facebook?
I can't send authorization request every time when I need to trigger some action.
Is it possible that facebook will send some request after user is logged out?
Or maybe there is some cookie that I can read and I will know that user was logged out from facebook?
You can trigger a logout in Facebook from your application using the Javascript SDK. You can also use FB.getLoginStatus to detect whether the user is logged in to your application.
That being said, these have to be enabled through the Javascript SDK which is completely separate from the OAuth 2.0 API and the way that OmniAuth connects to Facebook.
User login my application with oauth, after logout my application but twitter can't do, problem is user twitter account is active.
when that logout my application at the same time logout twitter
twitter api not support this action?
No, the twitter API will not log your users out of twitter.
account/end_session only ends the current API Session. I'm working on an site that requires users to be able to log out and then log back in again with another twitter account. To do that, you have to store multiple access tokens per user and establish one as the current access token. More info in the link below.
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/02e44b27d7ba3661?pli=1
As far as signing out of twitter, it's up to the user to sign into twitter and sign out themselves, which is not ideal if working on a shared computer.
Twitter just closing the session at api ,not close the session on Twitter :)
You'll have to call account/end_session to end the session of the authenticated user on twitter.
Old thread agreed, I just integrated Twitter login in my android app using Fabric. I found the following method
com.twitter.sdk.android.Twitter.logOut
I guess they have implemented it now! I couldn't find any documentation, honestly I've not put too much time into it. But I think logout means what I think it means :)
Twitter does not have api for logout. You can use the session closing api to end the user session.
You can use oauth/authenticate or oauth/authorize and add "force_login=true" parameter. This will prompt the user with a login form.
view this thread