0

I use authlib for oauth2 in my application. And after logging in via oauth(GitHub), I want to log out. How can I do this? Do I need to revoke the token? Or do I need to clear my flask session somehow?

   oauth = OAuth(app)
   oauth.register(
    name='github',
    access_token_url='https://github.com/login/oauth/access_token',
    authorize_url='https://github.com/login/oauth/authorize',
    api_base_url='https://api.github.com/',
    client_kwargs={'scope': 'read:user'},
  )

My handlers:

from app.oauth import bp
from flask import url_for, render_template, redirect, session
from app import oauth

@bp.route('/alogin')
def login():
    redirect_uri = url_for('oauth.authorize', _external=True)
    print(redirect_uri) 
    return oauth.github.authorize_redirect(redirect_uri)

@bp.route('/complete')
def authorize():
    token = oauth.github.authorize_access_token()
    resp = oauth.github.get('user', token=token) 
    resp.raise_for_status()
    user = resp.json()
    print(token)
    print(user)
    print(session)
    #profile = resp.json()
    # do something with the token and profile
    return redirect(url_for('auth.login'))
Kirill Stepankov
  • 23
  • 5

1 Answers1

0

I figured out what was going on. It's all about the specifics of GitHub OAuth. If you have already logged in once through github, then all subsequent login attempts will automatically log in to this github account if you are logged in to the github itself under this account. Therefore, in my case, it is not necessary to logout or revoke token.

Kirill Stepankov
  • 23
  • 5
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Apr 07 '23 at 15:03