3

I want to log the user out of my app and remove their permissions

I'm currently using the JS-SDK and have no Server Side Logic.

I know I can log a user out with FB.logout()

I can also revoke their permissions using FB.api('/me/permissions', 'DELETE') to "de-authorize" the app

The problem is, I cannot seem to do both. Each seems to prevents the other from working.

EXAMPLES:

  • Calling FB.api('/me/permissions', 'DELETE', function(){FB.logout()});

    results in the following error:

    "Refused to display document because display forbidden by X-Frame-Options."

  • Calling: FB.logout(function(){FB.api('/me/permissions', 'DELETE');})

    results in the user being logged out, but the permissions remain.

Zach Lysobey
  • 14,959
  • 20
  • 95
  • 149
  • 2
    What exactly does “doing both at once” look like? If you are calling these asynchronous method just one after another, that would explain the problem. Try calling logout in the callback function of the api call. – CBroe Feb 26 '13 at 20:04
  • see my newly added Examples – Zach Lysobey Feb 26 '13 at 20:44
  • Well, I *may* actually have fixed it (still need to do some testing). I had only tried doing one as a callback of the other, or typing them individually into the console. Actually "calling them one after another" seems to be the only way to make it work: `FB.logout();FB.api('/me/permissions', 'DELETE');` I guesse this is because its able to *start* both of these asnychronous calls, before the other one returns. – Zach Lysobey Feb 27 '13 at 15:21
  • Well that’s not something I would rely on _at all_. – CBroe Feb 27 '13 at 16:00
  • Yea, lol. Thats why I didn't even try it in the first place; but actually this seems to be a reasonable solution to my specific situation - I'm just trying to add some debugging controls to my dev environment so I can quickly start from scratch without having to do anything manually at facebook.com – Zach Lysobey Feb 27 '13 at 16:54
  • possible duplicate of [Facebook API SDK revoke access](http://stackoverflow.com/questions/9050190/facebook-api-sdk-revoke-access) – Zach Lysobey Mar 26 '15 at 15:23
  • deleting permissions doesn't automatically log the user out? – rogerdpack Apr 11 '17 at 22:52

1 Answers1

1

Answering my own question:

After doing a fair amount of research and experimentation, I've concluded that there is no reliable way to do this.

I was able to determine that the following code works - though I wouldn't recommend its use in a production app.

FB.logout();
FB.api('/me/permissions', 'DELETE');

Apparently calling them one after another works (vs. doing it with callbacks). Once either of them finishes it prevents the other from starting, but if I make the asynchronous calls in quick succession it seems to let both succeed.

Zach Lysobey
  • 14,959
  • 20
  • 95
  • 149