I have used the Google Identity API to sign in to the user. It works perfectly while signing in.
But the sign-out doesn't work I don't know why.
This is the sign-out code:
const button = document.getElementById('signout_button');
button.onclick = () => {
google.accounts.id.disableAutoSelect();
console.log('logged out');
};
But it doesn't work even if press the button.
I want this google box to turn into the button sign in after I sign out but it doesnt work:
You're doing the right thing by calling disableAutoSelect() in your sign-out onclick handler, but it only applies to and controls the behavior for the automatic sign-in button. It doesn't affect One Tap or the Sign In With Google button.
To further clarify what it means to be signed in... there are two user sessions:
between the user and their Google Account
between the user and your app
You'll manage 2, but 1 is not managed by you. For 1 users may be signed into their Google Account from a tab, the browser, or a device/OS. This establishes which Google Account has an active session. The state of this session is independent from 2 where you're managing sign-in or sign-out status for your app.
For case 2: sign-in to your site you'll receive a JWT from Google after user consent and can proceed with changing the sign in state for your app. One means of track sign-in state is using cookies. To make this easier to manage in HTML, the data-skip_prompt_cookie attribute is available to enable you to use a cookie to control if the One Tap popup, automatic sign-in option will be displayed, or not. You'd normally want to suppress the popup if the user is signed-in... and the cookie value tracks signed-in status. If you're using JavaScript your simply skip calling google.accounts.id.prompt to not force the user to sign-in again if they're already signed into your site.
OK. Now that we've gone over a couple methods to establish 2. we can get to what it means to be signed out of your site...
To sign-out, from your button.onclick handler either clear the data-skip_prompt_cookie or change the status if you are using JavaScript to tracking session state using your back end. This then will enable you to display One Tap popup or Automatic sign-in prompt to signed-out users on their return visit to your site. The absence of the cookie means the sign-in prompts will be displayed, or your JS code will call google.accounts.id.prompt to display the sign-in prompts.
Now to be really thorough there is one more scenario to be aware of. If a user wants to delete their account from your site you'll want to use google.accounts.id.revoke to revoke consent to share their profile. Doing this will stop the JWT from being shared when One Tap, automatic sign-in or Sign In With Google buttons are used. Instead, the flow will restart and the user will be prompted to choose a Google Account and consent--effectively restarting your sign-in flow for 2.
Related
In my project, I use regular popup client-sided JS authentication (platform client)
I migrated from old Google Sign in to new Google Identity Platform (gsi client)
I used the simple exemple code
window.onload = function () {
google.accounts.id.initialize({
client_id: 'YOUR_GOOGLE_CLIENT_ID',
callback: handleCredentialResponse,
auto_select: true
});
google.accounts.id.prompt();
}
My problem is, each time a user reload the page, he gets the One Tap UX prompt which take tremendous time
A second problem to that is if a user have 2 Google account connected to his browser, the prompt ask him to choose the account everytime he reloads (like it's not saved)
How can I achieve the behavior I had with the last library which is too simply have nothing changed at page reload but only when connecting the first time ?
I think Automatic sign-in is what you need.
Google One Tap supports automatic sign-in, which provides a frictionless user experience (UX) by removing the manual steps visitors must take when returning to your site. Users don't need to remember which Google Account they selected during their last visit, decreasing the chances of unnecessary duplicate accounts being created on your platform.
Automatic sign-in is intended to complement our Sign In With Google button and One Tap dialogs. It is designed to be used across your entire site, with manual sign-up or switching accounts occurring only after the user has first signed-out of your site.
To enable automatic sign-in, add data-auto_select="true" to your HTML code, as shown in the following snippet:
<div id="g_id_onload"
data-client_id="YOUR_GOOGLE_CLIENT_ID"
data-auto_select="true"
data-login_uri="https://your.domain/your_login_endpoint">
</div>
Refer: https://developers.google.com/identity/gsi/web/guides/automatic-sign-in-sign-out#sign-in-users-automatically
After some research it was determined that this issue might be caused by callback function that handles an ID token.
I would like to add that your Singing method is correct and other users also do it this way as seen here.
I think you should take a look at the Authenticate with a backend server guide to know how to handle these tokens, .
I integrated Google Sign-In on my website.
However, if I visit my website again without cleaning the history of the browser, it automatically signs in the website and moves to the redirected page.
If I sign out and go back to the sign in page, it does not automatically signs in, however, if I click the Google Sign-In button, it does not ask me my account and password and send me to the redirected page.
I want to make the browser stay at the sign-in page until a user clicks the Google Sign-In button. Also, I want it to ask a user her/his account and password every time.
How can I do that?
Thank you.
Last Part: I want it to ask a user her/his account and password every time. :
If user has authenticated the app (Give permission on first time), then it will not ask for username or password from next time that is 'Allow Access' page will not come. (Given User is also SignedIn in browser with same google account)
However if user is not signed in, then Google will ask to Sign in through pop up window.
First Part : Only cleaning the history will not help. Try clearing Cache of the browser (Ctl-Shft-Del shortcut).
Scenario:
User signs in with Google Plus button on Page 1.
The app creates a session and renders Page 2, which has a hidden G+ signin button.
The app waits for the signin callback to be fired before accessing some Google resources.
This works fine if the user is only signed-in to one Google account, but if the user is signed in to more than one account, the callback is fired with 'immediate_failed' error, meaning that the user needs to press the button again. I don't want the user to have to sign-in again, or run the risk that he uses two different accounts for the two sign-ins.
Is there a way to persist the Google user chosen in step 1 to step 3?
I have created simple javascript widget where login happens using Facebook Single Sign On. It logins the person whenever he is logged in to facebook (after authorization for the first time). However, it also logs out the user when Facebook logout happens. I want the person to not get logged out when the person logs out of Facebook?
Suggest me what is the way around.
It is not possible to keep a facebook connection going once they are logged out. The way around would be to create your own user tracking.
Once a user is logged in through facebook - store their information in a session (cookie, table) and then rely only on that to check if this user is still logged in (you will need to implement your own logout too). This will work only if you use facebook as a login provider, if you need some interactions with facebook api that require login - they have to be logged in to facebook.
I want to implement something similar to what Digg has done.
When the user logs in for the first time, I want it to force them to create an account on my site.
More importantly I want to know how to log a user into my site when they login with facebook connect. If they login with facebook connect, they still haven't provided me the password to their account on my site, so I can't use username/password to log them into my site. How do they do this on Digg or sites similar to this?
Facebook's process flow can definitely be a bit confusing. Take a step back from the details and the API, and look at the overall flow here:
Facebook Connect will tell you that a user is logged into Facebook, and give you their Facebook ID. You can validate that ID against Facebook using Facebook Connect to make sure it is properly logged in. Once this is done, you don't need a user name and password. As long as you trust that Facebook has authenticated the person properly, they are the only ones that can come to your site using that Facebook ID. That is enough information to start an authenticated session based around a local account that is associated with that ID.
The process you should follow is like this:
User logs in to your site with
Facebook Connect for the first time
You notice that you don't have a local account associated with that
Facebook ID, and prompt them to
enter local account information
You save that information along with their Facebook ID
The next time you see that Facebook ID (and validate that it is
logged into Facebook using the
Facebook API), you can start up a
local session using the associated
account.
Basically you end up with two separate methods of authentication: a Facebook Connect ID check, or the regular username/password login on your site. Either one should have the end result of starting a local authenticated session.
Hope that helps.