9

I am dabbling a little with Python Django Social Auth using Twitter authentication.

I can login.

But, when I try to log out using django.contrib.auth.logout, it doesn't log out.

What's the way to logout?

Thanks.

Tiago Martins Peres
rookieRailer
  • Can you post your logout code? – Glyn Jackson Jan 25 '13 at 22:45
  • I am having the same issue :/ – Lee Apr 17 '13 at 19:44
  • Are you trying to logout from Twitter too? That won't be possible without using any SDK from Twitter since logging out from a third party site implies messing with their cookies, so you need some JS from the same domain to mess with them. – omab Apr 24 '13 at 15:10
  • I'm trying to accomplish this myself and running into the same issue. While a Django logout function may well work to log the person out of the Django app, it doesn't matter much if when someone goes to the site again they're accepted right back in due to the auth token still being around. So I guess the question is how to destroy that auth token from the browser via a logout type command? Otherwise, in situations where someone logs in from a shared computer of some sort, there doesn't appear to be any way for them to not remain logged in or authenticated. – Kevin Dahl Aug 21 '15 at 21:48

4 Answers

9

Are you trying to log out just from the Django app or do you want to "forget" the Twitter access? Usually the Twitter auth token is stored for simplified login the next time a user wants to connect to Twitter, so the user doesn't have to "accept" the access again.

Django logout

If you just want to log out from the Django auth system, it should be enough to use the django.contrib.auth.views.logout view or to create a custom logout view.

Social auth disconnect

To completely unlink/disconnect a social account, you need to use the disconnect functions in social-auth. You can get the disconnect URL using the following template tag:

{% url "socialauth_disconnect" "backend-name" %}

For more information, please refer to http://django-social-auth.readthedocs.org/en/v0.7.22/configuration.html#linking-in-your-templates.

Force approval prompt

Because you've already allowed your app access to the OAuth provider, the auth provider will remember that decision. There are usually two ways to force a confirmation of that access permission:

  • Revoke the access permission in the management console of your auth provider (e.g. disapprove Twitter app access).
  • Set an extra OAuth argument that forces the approval prompt. I'm not sure if Twitter provides such a thing, but if you're using Google OAuth2 you can simply add {'approval_prompt': 'force'} to the GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS setting.
Community
Danilo Bargen
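
The layers this answer separates (Django session, social-auth association, provider-side approval), plus the provider's own session raised in the comments, as an added example that is not part of the original answers and is not django-social-auth code. It is a constructed Python model with hypothetical names, and it assumes the provider skips the approval prompt once a grant exists; `scenario()` returns the interactive steps a person on a shared machine faces after each action.

```python
# Constructed, simplified model; not django-social-auth code, names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class Provider:  # e.g. Twitter or Google
    sessions: set = field(default_factory=set)  # browsers signed in at the provider
    grants: set = field(default_factory=set)    # accounts that approved the app

@dataclass
class App:  # the Django site
    sessions: dict = field(default_factory=dict)      # browser -> local user
    associations: dict = field(default_factory=dict)  # provider uid -> local user

def social_login(app, prov, browser, uid, force_prompt=False):
    steps = []  # interactive steps the person had to perform
    if browser not in prov.sessions:
        steps.append("enter provider password")
        prov.sessions.add(browser)
    if force_prompt or uid not in prov.grants:
        steps.append("approve app")
        prov.grants.add(uid)
    # Assumption: an unknown uid gets a fresh local account and association.
    app.sessions[browser] = app.associations.setdefault(uid, "local-" + uid)
    return steps

def app_logout(app, browser):  # the part django.contrib.auth.logout covers
    app.sessions.pop(browser, None)

def disconnect(app, uid):  # social-auth disconnect: forget the social account
    app.associations.pop(uid, None)

def revoke_grant(prov, uid):  # done in the provider's management console
    prov.grants.discard(uid)

def provider_logout(prov, browser):  # happens on the provider's own domain
    prov.sessions.discard(browser)

def scenario():
    app, prov, b, uid = App(), Provider(), "shared-pc", "tw-1"
    out = {"first": social_login(app, prov, b, uid)}
    app_logout(app, b)
    out["after_app_logout"] = social_login(app, prov, b, uid)  # silent re-entry
    out["forced"] = social_login(app, prov, b, uid, force_prompt=True)
    disconnect(app, uid)
    out["grant_survives_disconnect"] = uid in prov.grants
    revoke_grant(prov, uid)
    out["after_revoke"] = social_login(app, prov, b, uid)
    provider_logout(prov, b)
    out["after_provider_logout"] = social_login(app, prov, b, uid)
    return out
```

The empty step list after `app_logout` is the shared-computer case from the comments: only a forced prompt, a revoked grant, or ending the provider's session puts a step back in front of the next person.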
5

Do you have a logout view? You need to have a logout view.

Example:

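from django.contrib.auth import logout
from django.shortcuts import redirect

def logout_view(request):
    # End the Django session for this request.
    logout(request)
    # Redirect to a success page ("/" is a placeholder target).
    return redirect("/")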
Glyn Jackson
4

This answer is outdated as django-social-auth is now python-social-auth

See newer Stack Overflow answer here.

Read the docs here

Community
Huston
0

According to the documentation there is a difference between log out and disconnect. In short,

  • Disconnect - forget the user social account.
  • Log out - end the current user session and remove any related data (like cookies).

From the question, I assume you still want to allow the user to have the Twitter linked with the account. If you want to disconnect, check this answer.

To log the user out, you can have in your Django settings.py

LOGOUT_URL = "logout"

Then, in your urls.py

from django.urls import path
from django.contrib.auth import views as auth_views

urlpatterns = [
    path("logout/", auth_views.LogoutView.as_view(template_name="registration/logged_out.html"), name="logout"),
]

Then, to log the user out, you can just use in the template something like

<a href="{% url 'logout' %}">Logout</a>

Also, you'll have to create the logged_out.html file in appname/templates/registration/ and include in it whatever you want the logged out user to see.

Tiago Martins Peres