On Sat, Feb 13, 2016 at 4:12 AM, bianghouse <bianghouse@yahoo.it> wrote:

Hi, I'd like to know if there's a way to perform a logout or revoke access
from socialproviders.
I'm currently using Android Authorization (OAuth2) to connect my app to
social-platforms.
Taking a look at AuthzModule interface it declares the following methods

public boolean isAuthorized();
public boolean hasCredentials();
public void requestAccess(Activity activity, Callback<String> callback);
public boolean refreshAccess();
public void deleteAccount();

I tried with deleteAcccount() method with no luck, when I try to login with
a new login user no OAuthWebViewDialog appears and my app redirects to
succeeded login with the old credentials.

The answer is "its complicated". `deleteAccount` removes the account information from what Aerogear knows about, but your WebView or web browser (if you use an intent) may still know about your authorizations. When we request from the WebView/Browser a token it will use its cached credentials to log in and fetch the token.

You can confirm that you are logged out by trying to make a call using your pipe. You should get a failure.

It looks like we could, as part of delete account with the webview AuthzModule clear the cookies.

I've created a issue to track this here : https://issues.jboss.org/browse/AGDROID-521

Also you can clear the cookies manually if you are using a webview : http://stackoverflow.com/questions/28998241/how-to-clear-cookies-and-cache-of-webview-on-android-when-not-in-webview

Thanks in advance.
M.

--
View this message in context: http://aerogear-dev.1069024.n5.nabble.com/Android-oauth2-logout-from-Facebook-Google-tp12348.html
Sent from the aerogear-dev mailing list archive at Nabble.com.
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev