Announcement Announcement Module
Collapse
No announcement yet.
spring-social-quickstart logout Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • spring-social-quickstart logout

    i tried spring-social-quickstart but it does not logout from facebook.

    Please assist

  • #2
    That's correct...I wouldn't expect that it would logout from Facebook. You can sign out of the quickstart app, but that will have no effect on your login status with Facebook.

    What the quickstart is doing is an implicit signin via Facebook. In other words, it's using ProviderSignInController to perform a signin-via-facebook and then using your user details from Facebook as your user details within the app (no app-specific user details are maintained). When you click the "Sign Out" link, you sign out of the quickstart app...but again, you should still be signed into Facebook.

    I can see how the wording might be confusing and lead you to believe that you're signing into and signing out of Facebook. Perhaps the signin button should read "Sign In Via Facebook" or the signout button should say "Sign Out of Quickstart" to be more clear. I'll consider changing those.

    Comment


    • #3
      But it is not really signout of the app as well.

      once you click signin again. it checks the connection and reassign a new app connection and you are back in.

      How do i signout of facebook in this case

      Comment


      • #4
        Actually you *are* signed out of the app--When you click the signout link, UserInterceptor handles it by removing the app cookie and removing the security context. Regarding the Spring Social Quickstart app, you are, in fact, no longer signed in.

        Regarding Facebook, however, you are still signed in and thus clicking the signin again reestablishes the connection and (if good) will recreate the cookie and security context and you're back in.

        It is possible to sign out of Facebook as well, either by using their JavaScript library or by redirecting the user to https://www.facebook.com/logout.php?...R_ACCESS_TOKEN. But Spring Social doesn't have anything to directly help you with that; but I suppose that the signout link could go to that URL and then the redirect URL be the existing /signout link.

        In any case, it is debatable whether or not it is a good practice to let an application sign anyone out of Facebook. Personally, I'd find that annoying, as I may use Facebook for other purposes than just this one app and would have to sign back into FB to use those other apps.

        Comment


        • #5
          for the benefit of the community. The proposed url works for logout. If you can get your hands on the accesstoken

          Comment


          • #6
            Hi,

            I'm facing with similar issue but with additional unexpected behaviour. My web application uses Spring Security (annotations) and Spring Social.

            In my web app the user can log in either by his username/password or by his LinkedIn account. Both works ok.
            However, the unexpected behaviour occurs when clicking on Sign Out button (the user is redirected to the signout page) and after that clicking the browser back button. Since the previous page is in secured area I would expect to be redirected to the login page. BUT, it seems that the /auth/linkedin is called and I am in again in the page.

            Why Spring Security didn't block me??

            Thanks,
            Shahar.

            Comment

            Working...
            X