google-api - gigi.auth.signOut() 停止工作，未实现任何更改

Question

我使用 Google Plus 作为登录名，直到最近都运行良好。现在用户无法再注销。回调起作用并返回用户已注销，但之后它会立即让用户再次登录。似乎它没有存储注销。

有一些较旧的问题，例如 this one 。我尝试了所有建议的解决方案，但没有任何效果。

html 头部的代码

<script src="https://apis.google.com/js/client:platform.js?onload=start" async defer></script>

按钮代码，始终显示(登录时隐藏)

<div id="signinButton">
  <span class="g-signin"
    data-scope="https://www.googleapis.com/auth/gmail.readonly"
    data-clientid="{{ CLIENT_ID }}"
    data-redirecturi="postmessage"
    data-accesstype="offline"
    data-cookiepolicy="single_host_origin"
    data-callback="signInCallback">
  </span>
</div>

登录和退出功能

<script>
  function signInCallback(authResult) {
    //console.log(authResult)
    if (authResult['code']) {

      var state = encodeURIComponent('{{ STATE }}');
      var code = encodeURIComponent(authResult['code']);          
      var tz = encodeURIComponent($('#timezone').val());
      var cntry = encodeURIComponent($('#country').val());
      var lan = encodeURIComponent('{{ language }}');

      // Send the code to the server
      $.ajax({
        type: 'POST',
        url: '/signup/gauth',
        contentType: 'application/octet-stream; charset=utf-8',
        success: function(result) {
          console.log(result)
          if (result == 'Success') {
            {% if not user %}window.location = "/user/home";{% else %}
            console.log('Logged in');{% endif %}
          }
        },
        processData: false,
        data: 'code='+code+'&state='+state+'&country='+cntry+'&tz='+tz+'&language='+lan
  });
    }
    else if (authResult['error']) {
      console.log('Sign-in state: ' + authResult['error']);
    }
  }

  function signOut() {
    gapi.auth.signOut();
    window.location = "/user/logout"
  }
</script>

Answer 1

编辑:我使用两步方法实现完全注销和注销:首先我注销，然后关闭当前页面并打开一个注销php页面来终止当前 session (我可以使用Ajax，但我更喜欢将用户发送到注销后的主页，何必麻烦呢？)。

<head>
  <meta name="google-signin-scope" content="profile email">
  <meta name="google-signin-client_id" content="your-CLIEntID">
  <script src="https://apis.google.com/js/platform.js" async defer>   
  </script>
  <script> 
    function signOut() {
      var auth2 = gapi.auth2.getAuthInstance();
      auth2.signOut().then(function () {
        console.log('User signed out.');
      });
    }
  </script>
</head>
<body>
...
  <a href='logout.php' onclick='signOut();'>LOGOUT</a>
...

这是我的退出(生产)，对于最终版本，我建议您删除控制台日志记录

var auth2 = gapi.auth2.getAuthInstance();
auth2.signOut();

注销.php

<?php
ob_start();
session_start(); 
$serverName = $_SERVER['SERVER_NAME'];
$tokenGoogle = $_POST['myTokenFromGoogle'];
if ($tokenId) {
    debug_to_console("inside LOGOUT has tokenGoogle [$tokenGoogle]");
    $url = "https://accounts.google.com/o/oauth2/revoke?token=$tokenGoogle";
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($ch);
    $json = json_decode($response, true);
    curl_close($ch);
    header("Location: http://$serverName/pageThatConsumesdata.php?".implode("|",$json));
} else {
    debug_to_console("inside LOGOUT HAVING NO tokenGoogle");
    if(isset($PHPSESSID)) {
        $message = "time for a  change of ID? ($PHPSESSID).";
        $sessionName = session_id();
        session_regenerate_id();
        $sessionName2 = session_id();
    } else {
        $message = "There was no session to destroy!";
    }
    debug_to_console($message);
    debug_to_console("[$serverName]");
    session_destroy();   
    header("Location: http://".$serverName);
    exit;
}
function debug_to_console( $data ) {
    if ( is_array( $data ) ) {
    $output = "<script>console.log( '" . implode( ',', $data) . "' );</script>";
    } else {
    $output = "<script>console.log( '" . $data . "' );</script>";
    }
    echo $output;
}
?>

注意:出于调试目的，我添加了一个从 php 打印到控制台的功能(单击 SHIFT+CTRL+J 在 Firefox 或 Chrome 中查看控制台)。这样做绝不是标准做法，一旦最终代码启动就应该删除。