Logout link with return URL (OAuth)

Question

My application is integrated with Facebook, Google and Microsoft (using OAuth).

To logout from facebook I\'m using the following URL:

https://www.fac         


        

Answer 1

You shouldn't be logging the user out of Facebook, Google, etc. You just need to log them out of your app. By redirecting them to accounts.google.com/Logout you're actually logging the user out of their Google account, which means if they also had Gmail open in another tab (say) they'd also be logged out of that. Similarly, if you redirect them to www.facebook.com/logout.php you're actually logging them out of Facebook, which means if they had Facebook open in another tab, they would be logged out of there as well.

Instead, all you should do, when the user logs out of your app, is "forget" the OAuth tokens.

Answer 2

I finally got the right links:

• Facebook:

https://www.facebook.com/logout.php?next=[YourAppURL]&access_token=[ValidAccessToken]

Source: A Working Facebook OAuth Logout URL

• Google:

https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=[http://www.mysite.com]

Source: google account logout and redirect

• Microsoft:

https://login.live.com/oauth20_logout.srf?client_id=[CLIENT_ID]&redirect_uri=[REDIRECT_URL]

Source: Server-side scenarios

Those links can be use like that in JavaScript:

function logout (){
document.location.href = "https://www.facebook.com/logout.php?next=[YourAppURL]&access_token=[ValidAccessToken]";
}

Suggestion to implement this: Logout from external login service (Gmail, facebook) using oauth