You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What steps will reproduce the problem? If possible, provide a live demo of the issue. 1. Go to https://writerduet.com and open debugger console
2. Run the following code:
gapi.auth.authorize({ 'client_id': CLIENT_ID, 'scope': SCOPES, 'immediate': false, cookie_policy: 'single_host_origin'}, function (authResult) {
gapi.auth.signOut();
setTimeout(function() {
gapi.auth.authorize({ 'client_id': CLIENT_ID, 'scope': SCOPES, 'immediate': true, cookie_policy: 'single_host_origin'}, function (authResult) {
if (authResult && !authResult.error)
alert("Wrong! Still signed in");
else
alert("Correct! Signed out");
})
}, 5000);
});
Sign into a google account and wait 5 seconds. What is the expected output? What do you see instead? You should see the alert "Correct! Signed out" but instead see "Wrong! Still signed in" - this means that signOut() isn't working! What version of the product are you using? On what operating system? Client library here: https://apis.google.com/js/client.js Tested on OSX 10.9.4, Chrome and Firefox Please provide any additional information below. I debugged the compressed JS code and found that the signOut() function isn't doing anything. The problem is that this function is returning null, because a.id_token doesn't exist:
Vv = function(a) {
a = a && a.id_token;
if (!a || !a.split(".")[1])
return null;
a = (a.split(".")[1] + "...").replace(/^((....)+).?.?.?$/, "$1");
return .Qn(.sh(a, !0))
};
I assume the problem is that gapi.auth.getToken() is returning an object with no field id_token.
This used to work (I tested it a month or two ago), and I haven't changed my gapi code since. Seems crazy that this bug could exist, but signOut() clearly is not working in this case.
signOut() is only "guaranteed" to work with signIn(), since signIn() adds response_type: 'id_token'. Without this, no id_token is returned, so signOut() can't mark a particular user as signed out.
This modified snippet does work:
gapi.auth.authorize({ 'client_id': CLIENT_ID, 'scope': SCOPES, 'immediate': false, cookie_policy: 'single_host_origin', response_type: 'token id_token'}, function (authResult) {
gapi.auth.signOut();
setTimeout(function() {
gapi.auth.authorize({ 'client_id': CLIENT_ID, 'scope': SCOPES, 'immediate': true, cookie_policy: 'single_host_origin'}, function (authResult) {
if (authResult && !authResult.error)
alert("Wrong! Still signed in");
else
alert("Correct! Signed out");
})
}, 5000);
});
This is one consequence of using OAuth2 for "sign in" specifically. Arguably, better semantics for signOut() are to apply to a whole session rather than a user-session, which I'll discuss further internally.
It's curious that this ever worked though. Looking into whether anything has changed in terms of server responses.
Thanks for that explanation, but I just tried the code snippet you provided (in a new Chrome private browser session) and it still did the alert("Wrong..."). Are you seeing different behavior?
wprater
pushed a commit
to wprater/google-signin
that referenced
this issue
Feb 7, 2015
From g...@writerduet.com on September 20, 2014 20:15:35
What steps will reproduce the problem? If possible, provide a live demo of the issue. 1. Go to https://writerduet.com and open debugger console
2. Run the following code:
gapi.auth.authorize({ 'client_id': CLIENT_ID, 'scope': SCOPES, 'immediate': false, cookie_policy: 'single_host_origin'}, function (authResult) {
gapi.auth.signOut();
setTimeout(function() {
gapi.auth.authorize({ 'client_id': CLIENT_ID, 'scope': SCOPES, 'immediate': true, cookie_policy: 'single_host_origin'}, function (authResult) {
if (authResult && !authResult.error)
alert("Wrong! Still signed in");
else
alert("Correct! Signed out");
})
}, 5000);
});
Vv = function(a) {
a = a && a.id_token;
if (!a || !a.split(".")[1])
return null;
a = (a.split(".")[1] + "...").replace(/^((....)+).?.?.?$/, "$1");
return .Qn(.sh(a, !0))
};
I assume the problem is that gapi.auth.getToken() is returning an object with no field id_token.
This used to work (I tested it a month or two ago), and I haven't changed my gapi code since. Seems crazy that this bug could exist, but signOut() clearly is not working in this case.
Original issue: http://code.google.com/p/google-api-javascript-client/issues/detail?id=162
The text was updated successfully, but these errors were encountered: