
Python Flask. Authlib. How to logout or revoke token? GitHub OAuth


I use Authlib for OAuth2 in my application. And after logging in via OAuth (GitHub), I want to log out. How can I do this? Do I need to revoke the token? Or do I need to clear my Flask session somehow?

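    from authlib.integrations.flask_client import OAuth

    # `app` is the Flask application. client_id and client_secret are not passed
    # here; Authlib reads GITHUB_CLIENT_ID / GITHUB_CLIENT_SECRET from app.config.
    oauth = OAuth(app)
    oauth.register(
        name='github',
        access_token_url='https://github.com/login/oauth/access_token',
        authorize_url='https://github.com/login/oauth/authorize',
        api_base_url='https://api.github.com/',
        client_kwargs={'scope': 'read:user'},
    )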

My handlers:

    from app.oauth import bp
    from flask import url_for, render_template, redirect, session
    from app import oauth

    @bp.route('/alogin')
    def login():
        # Callback URL GitHub redirects back to after the user authorizes the app
        redirect_uri = url_for('oauth.authorize', _external=True)
        print(redirect_uri)
        return oauth.github.authorize_redirect(redirect_uri)

    @bp.route('/complete')
    def authorize():
        # Exchange the authorization code for an access token
        token = oauth.github.authorize_access_token()
        # Fetch the authenticated user's profile (api_base_url + 'user')
        resp = oauth.github.get('user', token=token)
        resp.raise_for_status()
        user = resp.json()
        # Debug output; the token is a bearer credential and ends up in the logs here
        print(token)
        print(user)
        print(session)
        #profile = resp.json()
        # do something with the token and profile
        return redirect(url_for('auth.login'))

Solution

  • I figured out what was going on. It's all about the specifics of GitHub OAuth. If you have already logged in once through GitHub, then all subsequent login attempts will automatically log in to this GitHub account if you are logged in to GitHub itself under this account. Therefore, in my case, it is not necessary to log out or revoke the token.
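For the two options raised in the question (clearing the Flask session, revoking the token), here is an added example that is not part of the original post: it clears the local session and then asks GitHub to delete the app token through `DELETE /applications/{client_id}/token`. It assumes the `authorize()` handler stored the token dict under the session key `github_token` (a hypothetical name; the handler above does not store it), and it uses only the standard library so the request can be inspected without Flask.

```python
import base64
import json
import urllib.error
import urllib.request

GITHUB_API = "https://api.github.com"


def build_revoke_request(client_id, client_secret, access_token, whole_grant=False):
    """Build GitHub's "delete an app token" request, or "delete an app
    authorization" when whole_grant=True (removes the user's authorization
    of the app, not just this one token)."""
    kind = "grant" if whole_grant else "token"
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        f"{GITHUB_API}/applications/{client_id}/{kind}",
        data=json.dumps({"access_token": access_token}).encode(),
        method="DELETE",
        headers={
            # Authenticated with the app's credentials, not the user's token
            "Authorization": f"Basic {basic}",
            "Accept": "application/vnd.github+json",
            "Content-Type": "application/json",
        },
    )


def logout(session, client_id, client_secret, send=urllib.request.urlopen):
    """Clear the local session, then revoke the token at GitHub.

    `session` is any dict-like object (flask.session works). Returns True
    if GitHub answered 204, False if there was no token or the call failed.
    """
    token = session.get("github_token")  # assumed session key, see lead-in
    session.clear()  # local logout happens even if the revoke call fails
    if not token:
        return False
    req = build_revoke_request(client_id, client_secret, token["access_token"])
    try:
        with send(req, timeout=10) as resp:
            return resp.status == 204
    except urllib.error.URLError:  # HTTPError (4xx/5xx) is a subclass
        return False
```

In a Flask `/logout` route this would be called as `logout(session, app.config['GITHUB_CLIENT_ID'], app.config['GITHUB_CLIENT_SECRET'])`. Neither step ends the user's browser session at github.com, which is why the next login goes straight through as the answer describes.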