2

Suppose I login to xyz.com site via Google. Then when I signout of the xyz.com site but google still keeps on logged in.

As for facebook there is logout url, with which we can logout facebook as well.

Are there logout urls for all open ids, like yahoo, google etc. if not how can we signout them as well..

Thanks,

Chetan Sharma
  • 2,539
  • 5
  • 25
  • 41
  • See question [How to add logout feature to an OpenID enabled site?][1] [1]: http://stackoverflow.com/questions/1968814/how-to-add-logout-feature-to-an-openid-enabled-site – Paweł Nadolski Aug 04 '11 at 18:06

2 Answers2

5

OpenID relying party can't log user out of OP, you can only implement local logout. Just like RP can not log user into OP.

Individual OpenID providers offer different URLs for logout to which the user can be redirected.

Google: https://www.google.com/accounts/Logout

Yahoo: https://login.yahoo.com/config/login?logout=1

See also question How to add logout feature to an OpenID enabled site? where I found the answers above.

Community
  • 1
  • 1
Paweł Nadolski
  • 8,296
  • 2
  • 42
  • 32
  • I would be pretty annoyed if a website I was on that used my Google account decided to redirect me to the account logout page for all of my Google accounts. – Timothy Strimple Aug 04 '11 at 22:36
  • 1
    @Timothy I agree, but the question is to provide such method. I can see a use for it: you may create two buttons `logout` and `logout my all OpenId accounts`. This may be convenient on public or shared computers if you log out of an application you wouldn't want to leave browser signed in to you google account. – Paweł Nadolski Aug 05 '11 at 09:04
2

I don't know that you should be signing them out via URL. If the user is being remembered on the OpenID website, then that indicates that the user has chosen to have their information remembered by the OpenID website, and if they wanted to explicitly log out, they could do it directly from the OpenID provider themselves.

Timothy Strimple
  • 22,920
  • 6
  • 69
  • 76