Facebook API - javascript sdk: status shows 'connected' after logout

2
votes

I'm using the Facebook sdk for javascript in a AngularJS website.

I'm trying to prefill a registration form using a Facebook login. In the first time, the facebook modal appears, I enter my information, it logs in and I get the data I need, as expected.

Then I complete the registration, log in the system. And log out the system, while also performing a Facebook logout.

Then I went back to create a second registration, expecting to test the registration with a different facebook account...

But when I hit Facebook login to prefill the form, instead of the sdk showing up the Facebook login modal again for me to enter a new login, it performed a login with my previous data.

When I went to check the reason, I've discovered that the facebook status says 'connected'. I was expecting to be disconnected, since I've successfully performed a facebook logout.

I'm I wrong in assuming this? How can I disconnect the first user to be able to use a different facebook account on my second registration?

To login, I'm using:

var deferred = $q.defer();
FB.getLoginStatus(function(response) {
    if (response.status === 'connected') {
        console.log('already logged in.');
        deferred.resolve(response);
    }
    else {                    
        FB.login( function(response) {
            if (response.authResponse) {
                console.log('response: ' + JSON.stringify(response));
                var access_token = response.authResponse.accessToken;
                console.log('access token: ' + access_token);    
                console.log('Welcome!  Fetching your information.... ');
                deferred.resolve(response);                            
            } else {
                console.log('User cancelled login or did not authorize.');
                deferred.reject('Error occured');
            }
        }, {
            scope: 'public_profile, email, user_birthday',
            return_scopes: true
        });
    }                        
});    
return deferred.promise;

And my logout is like:

var deferred = $q.defer(); 
FB.logout(function(response) {  

    // I've tried with and without this line of code: 
    FB.Auth.setAuthResponse(null, 'unknown');           

    console.log('FB service logged out');
    deferred.resolve(response);
});
return deferred.promise;

From this reference Facebook JS SDK FB.logout() doesn't terminate user session I tried to use FB.Auth.setAuthResponse(null, 'unknown'); after the logout, but it didn't work for me.

1
javascriptangularjsfacebookfacebook-graph-apifacebook-javascript-sdk
Are you sure you have been logged out of Facebook? FB.logout only does that, if the user logged into Facebook while logging in to your app. If they were already logged into Facebook before, then it will only log them out of your app. (And the latter is a bit pointless, if you have the SDK set up to recognize returning users automatically, because it will then log them in automatically again once they visit your site.) - CBroe
It's not an app, it's a website (I will update in my question). So I have a facebook login button in the website that opens up the facebook modal for login and returns me some user data. And I use that data to login into my website. ...Later on, when I log out the user from the site I also call the facebook logout. I don't know why, but seems it's not working as expected. - João Otero
It is an app, it is just running on the website platform. // Again, if the user was logged into Facebook before already, then this will not log them out of Facebook. And if they are logged in to Facebook, the JS SDK will “recognize” them at the next page load. What do you need this for anyway? Since people are only allowed to have one personal Facebook account, logging multiple users in and out on the same device is not a usual use case ... - CBroe
Well, imagine that different people share the same desktop. In a cyber cafe, for example. And my website has a "connect with facebook" button. How do I log out users from the facebook sdk? - João Otero
My expectation is indeed that the sdk would recognize a returning user that is logged in the current facebook page, and log them in automatically. However, the sdk should not infer that the once logged in facebook account will still be the same every time, since people could disconnect from facebook and reconnect with a different account. - João Otero

1 Answers

2
votes

I was having a similar issue and solved it by having a Facebook disconnect button in the user profil which calls the API:

DELETE /{user-id}/permissions/

https://developers.facebook.com/docs/graph-api/reference/user/permissions/

E.g. with the Javascript SDK:

// remove permission, so that the user is asked to authenticate the app again
// or another user can login on the top right of the login popup

FB.api('/me/permissions', 'delete', {
  access_token: user.accessToken            // use existing token from database
  }, (r) => {
   if(r.success) user.accessToken = null;   // remove token in database
});