2

I am using python-social-auth for my third-party login and logout. Signing in with Facebook, Twitter and Google Plus was a success at first (it asked for my username/email and password). My problem is that when I log out and then sign in again through any of them, I am signed in automatically without being asked for my username/email and password again. Am I not logged out?

This is my disconnect pipeline:

```python
SOCIAL_AUTH_DISCONNECT_PIPELINE = (
    'social.pipeline.disconnect.allowed_to_disconnect',
    'social.pipeline.disconnect.get_entries',
    'social.pipeline.disconnect.revoke_tokens',
    'social.pipeline.disconnect.disconnect',
)
```

This is my logout view:

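```python
from django.contrib.auth import logout as auth_logout
from django.shortcuts import render_to_response
from django.template import RequestContext


def logout(request):
    # Ends only the local Django session; the social association and the
    # provider's own browser session are not touched.
    auth_logout(request)
    return render_to_response('logged-out.html', {}, RequestContext(request))
```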
Jan Wilmar
  • Try this one: http://stackoverflow.com/questions/14529815/logout-with-django-social-auth – Nuran Afrasiyabov Oct 19 '16 at 08:06
  • @NuranAfrasiyabov I've seen this question and tried every solution there, but it didn't help me. Facebook, Twitter and Google Plus are still logged in even if I log out. – Jan Wilmar Oct 20 '16 at 00:27

1 Answer

2

So I have tested this on my website. Here is the link that explains the logout and disconnect behaviors: http://python-social-auth.readthedocs.io/en/latest/logging_out.html As you can see, to disconnect from social apps you need to use disconnect ("Disconnect is the way that your users can ask your project to 'forget about my account'."). By doing that you are deleting the user association in the social_auth_usersocialauth table in your DB. To accomplish this, here is what you need to do:

**settings.py:**

```python
SOCIAL_AUTH_DISCONNECT_PIPELINE = (
    # Verifies that the social association can be disconnected from the current
    # user (ensure that the user login mechanism is not compromised by this
    # disconnection).
    #'social.pipeline.disconnect.allowed_to_disconnect',

    # Collects the social associations to disconnect.
    'social.pipeline.disconnect.get_entries',

    # Revoke any access_token when possible.
    'social.pipeline.disconnect.revoke_tokens',

    # Removes the social associations.
    'social.pipeline.disconnect.disconnect',
)
```

In templates:

```html
<form id="myform" method="post" action="{% url 'social:disconnect' 'google-oauth2' %}5/?next={{request.path }}">
    {% csrf_token %}
    <input type="hidden" name="name" value="value" />
    <a onclick="document.getElementById('myform').submit();">discon</a>
</form>
```

In the first line, the number 5 after google-oauth2 indicates the user ID in the DB table. So the first user in the picture below will be deleted/disconnected from my app. To check whether the disconnect feature works or not, look at your social_auth_usersocialauth table and see whether the user association has been deleted.

But the thing is that whenever you connect via Google or Facebook to your own application, it means that you are logging in to the Google or Facebook website too (as during the first login it opens Facebook's or Google's login page). Even after you disconnect from your own app, you need to log out from the Facebook or Google website too. Otherwise your browser will keep you signed in, and when you try to connect to your web app again, you will be automatically logged in.
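
Added example, not part of the answer above: because the provider's browser session survives both the Django logout and the disconnect, the application can instead ask each provider to prompt again at sign-in. It assumes python-social-auth's `SOCIAL_AUTH_<BACKEND>_AUTH_EXTRA_ARGUMENTS` setting and each provider's documented re-prompt parameter; the helper names and the sample URL are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Re-prompt parameter per python-social-auth backend name (assumed values,
# taken from each provider's authorization-request documentation).
REAUTH_PARAMS = {
    "google-oauth2": {"prompt": "select_account"},  # show the account chooser
    "facebook": {"auth_type": "reauthenticate"},    # ask for the password again
    "twitter": {"force_login": "true"},             # ignore the existing session
}


def setting_name(backend):
    """Name of the settings.py entry that carries extra auth arguments."""
    return "SOCIAL_AUTH_%s_AUTH_EXTRA_ARGUMENTS" % backend.upper().replace("-", "_")


def reauth_settings(backends):
    """Build the settings.py entries that force a prompt for each backend."""
    unknown = [b for b in backends if b not in REAUTH_PARAMS]
    if unknown:
        raise ValueError("no re-prompt parameter known for: %s" % ", ".join(unknown))
    return {setting_name(b): dict(REAUTH_PARAMS[b]) for b in backends}


def with_reauth(backend, authorize_url):
    """Show the resulting authorization URL: the re-prompt parameter replaces
    any value already present, so a stale prompt=none cannot survive."""
    parts = urlsplit(authorize_url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    query.update(REAUTH_PARAMS[backend])
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    backends = ["google-oauth2", "facebook", "twitter"]
    for name, value in reauth_settings(backends).items():
        print("%s = %r" % (name, value))  # lines to paste into settings.py
    # Constructed sample URL; the client_id is a placeholder.
    sample = "https://accounts.google.com/o/oauth2/auth?client_id=EXAMPLE&prompt=none"
    print(with_reauth("google-oauth2", sample))
```

With these settings the provider still holds its own session; only the silent reuse of that session at sign-in is removed, which is what matters on a shared browser.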