Google Sign-In for Websites Automatic Sign-In - javascript

I integrated Google Sign-In on my website.
However, if I visit my website again without cleaning the history of the browser, it automatically signs in to the website and moves to the redirected page.
If I sign out and go back to the sign-in page, it does not automatically sign in; however, if I click the Google Sign-In button, it does not ask me for my account and password and sends me to the redirected page.
I want to make the browser stay at the sign-in page until a user clicks the Google Sign-In button. Also, I want it to ask a user for her/his account and password every time.
How can I do that?
Thank you.

Last part: "I want it to ask a user her/his account and password every time."
If the user has authenticated the app (gave permission the first time), then it will not ask for a username or password from the next time on; that is, the 'Allow Access' page will not appear. (Given the user is also signed in to the browser with the same Google account.)
However, if the user is not signed in, then Google will ask them to sign in through a pop-up window.
First part: Only cleaning the history will not help. Try clearing the cache of the browser (Ctrl-Shift-Del shortcut).

Related

How to sign out using Google Identity API?

I have used the Google Identity API to sign in to the user. It works perfectly while signing in.
But the sign-out doesn't work, and I don't know why.
This is the sign-out code:
const button = document.getElementById('signout_button');
button.onclick = () => {
  google.accounts.id.disableAutoSelect();
  console.log('logged out');
};
But it doesn't work even if I press the button.
I want this Google box to turn into the sign-in button after I sign out, but it doesn't work:
You're doing the right thing by calling disableAutoSelect() in your sign-out onclick handler, but it only applies to and controls the behavior for the automatic sign-in button. It doesn't affect One Tap or the Sign In With Google button.
To further clarify what it means to be signed in... there are two user sessions:
1. between the user and their Google Account
2. between the user and your app
You'll manage 2, but 1 is not managed by you. For 1, users may be signed into their Google Account from a tab, the browser, or a device/OS. This establishes which Google Account has an active session. The state of this session is independent from 2, where you're managing sign-in or sign-out status for your app.
For case 2, sign-in to your site, you'll receive a JWT from Google after user consent and can proceed with changing the sign-in state for your app. One means of tracking sign-in state is using cookies. To make this easier to manage in HTML, the data-skip_prompt_cookie attribute is available to enable you to use a cookie to control whether the One Tap popup or automatic sign-in option will be displayed. You'd normally want to suppress the popup if the user is signed in... and the cookie value tracks signed-in status. If you're using JavaScript, you simply skip calling google.accounts.id.prompt so as not to force the user to sign in again if they're already signed into your site.
OK. Now that we've gone over a couple methods to establish 2. we can get to what it means to be signed out of your site...
To sign out, from your button.onclick handler either clear the data-skip_prompt_cookie or change the status if you are using JavaScript to track session state using your back end. This will then enable you to display the One Tap popup or automatic sign-in prompt to signed-out users on their return visit to your site. The absence of the cookie means the sign-in prompts will be displayed, or your JS code will call google.accounts.id.prompt to display the sign-in prompts.
Now to be really thorough there is one more scenario to be aware of. If a user wants to delete their account from your site you'll want to use google.accounts.id.revoke to revoke consent to share their profile. Doing this will stop the JWT from being shared when One Tap, automatic sign-in or Sign In With Google buttons are used. Instead, the flow will restart and the user will be prompted to choose a Google Account and consent--effectively restarting your sign-in flow for 2.
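The two-session model from the answer above, as an added example that is not part of the original answer: sign-out ends only the app session and calls disableAutoSelect(), while account deletion calls revoke(). The names createAuthController, app_signed_in and /api/session are hypothetical; the google.accounts.id calls are the real Google Identity Services methods.

```javascript
// Added example. `gis` is google.accounts.id; `doc` is `document` in a browser.
// FLAG is a hypothetical cookie, only a UI hint (like data-skip_prompt_cookie).
// The real session belongs in a server-set HttpOnly cookie after JWT verification.
const FLAG = 'app_signed_in';
function createAuthController(gis, doc) {
  const isSignedIn = () => doc.cookie.split('; ')
    .some((c) => c.startsWith(FLAG + '=') && c.length > FLAG.length + 1);
  const setFlag = (on) => {
    doc.cookie = on ? `${FLAG}=1; Path=/; SameSite=Lax`
                    : `${FLAG}=; Max-Age=0; Path=/; SameSite=Lax`;
  };
  return {
    isSignedIn,
    // Page load: show One Tap / automatic sign-in only to signed-out users.
    onPageLoad() {
      if (isSignedIn()) return 'skipped';
      gis.prompt();
      return 'prompted';
    },
    // GIS callback: the JWT goes to the back end; flag set only if verified.
    onCredential(response, sendToBackend) {
      sendToBackend(response.credential, (verified) => setFlag(verified === true));
    },
    // Session 2 only: ends the app session; the Google session is untouched.
    signOut() {
      setFlag(false);
      gis.disableAutoSelect(); // no silent re-sign-in on the next visit
    },
    // Account deletion: revoke consent so the next sign-in starts from scratch.
    deleteAccount(googleUserId, onDone) {
      gis.revoke(googleUserId, (result) => {
        if (result.successful) setFlag(false);
        onDone(result.successful);
      });
    },
  };
}
// Browser wiring; skipped when the GIS script is absent (for example in Node).
if (typeof google !== 'undefined') {
  const auth = createAuthController(google.accounts.id, document);
  const post = (jwt, done) => fetch('/api/session', { method: 'POST', body: jwt })
    .then((res) => done(res.ok)); // '/api/session' is a hypothetical endpoint
  google.accounts.id.initialize({
    client_id: 'YOUR_CLIENT_ID.apps.googleusercontent.com', // placeholder
    callback: (r) => auth.onCredential(r, post),
  });
  auth.onPageLoad();
  document.getElementById('signout_button').onclick = () => auth.signOut();
}
```

Neither signOut() nor deleteAccount() ends session 1, so a user who is still signed in to their Google Account can sign in again without entering a password.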

How can AMP recognize users that logged in outside of the AMP ecosystem?

I am trying to have new users register to my site from an AMP page. However, if the user is a logged-in member, I do not want to show a meter/or registration wall.
Currently, I can check the log-in status via cookies or tokens, but without javascript, and not making a call to an endpoint to check the user's log-in state, the AMP page does not know whether the user is logged-in or not.
I know that the reader_id that is set by the AMP ecosystem can see if a user is logged-in or not, but that is not the case if the logged-in user arrived on the AMP page from a non-AMP page or non-AMP initiated log-in page.
Is there any way for my AMP page to know if a user is logged in through cookies, tokens, API calls? And subsequently add logic to show/hide the registration wall based on the logged-in state?

Google Sign in delete cookies on signOut

I'm validating the user's account if he is allowed to sign in.
When he isn't allowed, he will be signed out with:
gapi.auth2.getAuthInstance().signOut()
The problem is when he presses the sign in button again, the account chooser won't appear.
It just uses the old cached account and he will be immediately signed out again.
How can I delete the cookies, in order to show the account chooser again?
Haven't confirmed yet, but you might want to revoke the access instead of signOut().
https://developers.google.com/identity/sign-in/web/disconnect

Facebook api not passing user info to integrated site, if user already logged into facebook directly and try to login from integrated site

I am working on login with Facebook for our site. I am using the Facebook JS SDK for this. Now, if I click the FB login button (which is placed on our site), it opens a popup window asking for a user name and password. If I log in here by entering the correct username and password, it logs in and then gives me the required info. So, I pass that info to our site and log the user in. No issue in this flow. But suppose the user has already logged into Facebook directly by opening facebook.com in the browser and has opened our site in a separate tab. Our site also contains a "login with facebook" button. So, when the user clicks this button, it opens a login window and closes it immediately without giving any user info. I guess it is because the user is already logged into Facebook. But here also I need the logged-in user info. How do I achieve this?
Please help me out.
Any help would be appreciated.

How to logout user from the Facebook when he does not authorize the application

I have an ASP.NET web application that:
- Runs on public computers
- Allows users to register by using their Facebook accounts.
- Must always log out a user from Facebook after registration has been completed.
The registration process contains the following steps:
1. Registration page is shown with the Facebook icon.
2. When the user clicks on the Facebook icon, he is redirected to the Facebook web site.
3. On the Facebook site the user enters his email and password and clicks login.
4. On the Facebook site the user clicks Allow to authorize my application.
5. User is redirected to my application.
6. The application registers the user in the database.
7. The application calls FB.logout in order to log out from Facebook. So when a new user starts registration he cannot use the account of the previous user.
The application works perfectly until the user clicks Cancel at step 4.
When this happens, the browser is redirected to my application, the user remains signed into Facebook but the application is not authorized by this user. This means that the application cannot log this user out from Facebook by using the FB.logout method because the application does not have an access token.
How to logout from the Facebook in this case?
Thank you.
How to logout from the Facebook in this case?
Not possible at all.
If logging a user out without a valid access token was possible, then every website I’m visiting could do that if they liked – I’m sure you can see how annoying that’d be to users, and that it’s therefore not possible.
