duckhamqng / google-api-dotnet-client

Automatically exported from code.google.com/p/google-api-dotnet-client
Apache License 2.0
0 stars 0 forks source link

Provide a signout method #463

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
From 
http://stackoverflow.com/questions/23440598/google-oauth-api-sign-out-issue-in-g
oogle-api-dot-net-client:

I am using “Google.Apis.YouTube.v3 Client Library1.8.1.1050” Nuget package 
for accessing API in Windows Phone 8. I am able to do sign in function 
successfully using this API. I am able to perform certain operations on YouTube 
API v3 only by logging in with authenticated Google account details. I am also 
able to get all feeds from Youtube using this API. Right now, I am facing one 
problem while using Google API V3 oAuth2. I am using following code to do login 
with Google account :

UserCredential credential;
using (var stream = new FileStream("clientdata.json", FileMode.Open, 
FileAccess.Read)){

    credential = await GoogleWebAuthorizationBroker.AuthorizeAsync(
    GoogleClientSecrets.Load(stream).Secrets,
    // This OAuth 2.0 access scope allows for read-only access to the authenticated 
    // user's account, but not other types of account access.
    new[] { YouTubeService.Scope.Youtubepartner },
    "user",
    CancellationToken.None);}
Using this code, I can successfully get signed in and able to get all feeds. 
But now my problem is how to logout from Windows Phone 8 application using 
Google API v3? As per my knowledge, there is no method available to clear user 
credentials in this package. For now, I am calling a webservice

https://accounts.google.com/o/oauth2/revoke?token={access token}

to revoke the current access token but this is not much helpful.

It would be great if I can get any help to get this problem fixed. And also let 
me know if it requires any corrections. It would be better if someone can 
provide the documentation or sample examples for how to efficiently use this 
API in Windows Phone.

Thanks in advance

Original issue reported on code.google.com by pele...@google.com on 8 May 2014 at 4:51

GoogleCodeExporter commented 9 years ago

Original comment by pele...@google.com on 9 May 2014 at 2:19

GoogleCodeExporter commented 9 years ago
Hi Eyal, 
Thanks for reply. I am the same questioner who asked you for help on 
stackoverflow.

link : 
http://stackoverflow.com/questions/23440598/google-oauth-api-sign-out-issue-in-g
oogle-api-dot-net-client/

As suggest by Rohit in stackoverflow, On logout I clear the cookies after 
calling revoke token webservice. Now when try to get the credential, it is not 
asking me for the user credentials. Somehow It retrieves a UserCredential class 
with token (even if this toekn is revoked). So, this token is useless for the 
next call to retrieve the youtube feeds where I require to pass it as 
parameter. This is only happening with the same instance of the application. 
When I restart the application after logout process. It is working fine for me. 
For more detail, I am using same "user" for all calls to get the UserCredential 
in 'GoogleWebAuthorizationBroker.AuthorizeAsync()' method.

Original comment by java.web...@gmail.com on 10 May 2014 at 4:48

GoogleCodeExporter commented 9 years ago
Try to use a different "user" (and not the same one) meantime.
Let me know if it works

On Sat, May 10, 2014 at 12:48 AM,
<google-api-dotnet-client@googlecode.com>wrote:

Original comment by pele...@google.com on 10 May 2014 at 7:04

GoogleCodeExporter commented 9 years ago
https://codereview.appspot.com/94340043/

Original comment by pele...@google.com on 10 May 2014 at 8:25

GoogleCodeExporter commented 9 years ago

Original comment by pele...@google.com on 14 May 2014 at 3:46

GoogleCodeExporter commented 9 years ago
Has this been put in a to a release yet? I, too, would like to use this.

If not, any idea on a timeframe?
Thanks

Original comment by bc3t...@gmail.com on 25 Aug 2014 at 9:26

GoogleCodeExporter commented 9 years ago
It is part of release 1.8.2.
It's out there, and ready for you to use it :)

Original comment by pele...@google.com on 25 Aug 2014 at 9:29

GoogleCodeExporter commented 9 years ago
I can't seem to make heads or tails out of the API, then, to figure out how I'm 
supposed to revoke one's token after, say, a close and re-launch of the app. I 
see, via an Isolated Storage Explorer, that there is data stored by Google in 
the local data store, but don't know how I'm supposed to load the token from 
that store, to subsequently hand it off to a revoke method.

Any doco out there? I can't seem to locate any.

Original comment by bc3t...@gmail.com on 25 Aug 2014 at 9:33

GoogleCodeExporter commented 9 years ago
I don't know that I would mark this complete just yet.

You can't clear a token and then re-auth in a manner that prompts the user for 
a username & password again. In order to do this the cookies on the browser 
control must be cleared, and that's not being done. Revoke the token, exit the 
app, re-launch and yup you'll get prompted again, but obviously this is not 
ideal.

Similarly, code for revoking a token is somewhat complicated since we can't 
serialize UserCredential objects to storage, only Token objects. If we could, 
then we could just re-hydrate that object to make it easier.

Original comment by bc3t...@gmail.com on 26 Aug 2014 at 3:19

GoogleCodeExporter commented 9 years ago
Take a look in this change -
https://code.google.com/p/google-api-dotnet-client/source/detail?r=3dc4887c229fa
263ee147de9bd58f8502e7a9a8c
If you want to revoke the token by using -
https://code.google.com/p/google-api-dotnet-client/source/browse/Src/GoogleApis.
Auth/OAuth2/UserCredential.cs?spec=svn3dc4887c229fa263ee147de9bd58f8502e7a9a8c&r
=3dc4887c229fa263ee147de9bd58f8502e7a9a8c#173

then the user won't be able to use the current access token, so in order to
reauthorize it, you should use one of the ReauthirzeToken methods (
https://code.google.com/p/google-api-dotnet-client/source/browse/Src/GoogleApis.
Auth.DotNet4/OAuth2/GoogleWebAuthorizationBroker.cs?spec=svn3dc4887c229fa263ee14
7de9bd58f8502e7a9a8c&r=3dc4887c229fa263ee147de9bd58f8502e7a9a8c#99
).

What do you think that this solution is missing?

Original comment by pele...@google.com on 27 Aug 2014 at 3:24

GoogleCodeExporter commented 9 years ago
It's missing the clearing of cookies from the embedded browser. Without this, 
the reauth simply pops up "Authorize application" page, not the google login 
page which is required if a user wishes to sign out and sign back in under a 
different account

Original comment by bc3t...@gmail.com on 28 Aug 2014 at 6:35

GoogleCodeExporter commented 9 years ago
Similarly, these are both painful as we don't have a way of serializing the 
UserCredentials object to (easily) re-hydrate it to issue the revoke or the 
reauth. Being able to serialize user creds much like we can serialize tokens 
would go a long way here.

Original comment by bc3t...@gmail.com on 28 Aug 2014 at 6:38

GoogleCodeExporter commented 9 years ago
can you provide any advice to devs as to how to go about solving the problems 
i've outlined above?

Original comment by bc3t...@gmail.com on 11 Sep 2014 at 12:46

GoogleCodeExporter commented 9 years ago
As I understand on the "Authorize application" page you can change your
Google's user, right?
Can you printscreen the page you are referring to?

Original comment by pele...@google.com on 11 Sep 2014 at 1:32

GoogleCodeExporter commented 9 years ago
No. on the auth application page all you get are "ok" and "deny"

Sorry for my delayed response. These google group/issue things never work well 
for me as far as notifications go.

I will work with this some more and show you what I am experiencing with 
screenshots. If i find that things are working better now, I will also update 
accordingly.

Original comment by bc3t...@gmail.com on 13 Nov 2014 at 1:55

GoogleCodeExporter commented 9 years ago
But I think that you can still change the user in that page (not sure)
anyway it's a browser issue that you actually see...

On Thu, Nov 13, 2014 at 8:55 AM, <google-api-dotnet-client@googlecode.com>
wrote:

Original comment by pele...@google.com on 13 Nov 2014 at 2:13

GoogleCodeExporter commented 9 years ago
Agree it's a browser issue, but it's an assue because - as i said - you can't 
clear the cookies in the embedded browser the Google SDK is using. Then Signout 
happens, you should be issuing the command, and clearing the cookies of that 
browser object. I'd be doing it myself but the source for the Youtube libraries 
doesn't appear to exist anywhere, only the core APIs for Google .Net.

Original comment by bc3t...@gmail.com on 13 Nov 2014 at 3:21

GoogleCodeExporter commented 9 years ago
And, not to be too crass, but shouldn't you be "sure" before you tell me i can 
do it?

Original comment by bc3t...@gmail.com on 13 Nov 2014 at 3:29