Tags: python, django, django-allauth

Django-allauth and logout issue with Google


I'm using django-allauth specifically and only for Google authentication. I'm experiencing a few odd issues:

  • Logout from a Chrome browser and the user is still remembered upon the next login. The user is never redirected to a Google login.

  • Log out from a Safari browser and the user is NOT remembered upon the next login, therefore they are directed to the Google login at the next login attempt.

The desired result would be to always force users to go through the full login process. They should be directed to Google for their email and password. This allows users to share a computer and switch accounts.

I've experimented with multiple configuration settings, but with no luck. Here are the current configs:

ACCOUNT_SIGNUP_PASSWORD_ENTER_TWICE = True
ACCOUNT_USERNAME_REQUIRED = False
ACCOUNT_AUTHENTICATION_METHOD = 'email'
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_UNIQUE_EMAIL = True
ACCOUNT_EMAIL_VERIFICATION = 'mandatory'

ACCOUNT_AUTHENTICATED_LOGIN_REDIRECTS = True
LOGIN_REDIRECT_URL = '/stores/store_list'

ACCOUNT_LOGOUT_REDIRECT_URL = 'home'

ACCOUNT_SESSION_REMEMBER = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
SESSION_COOKIE_AGE = 60


SOCIALACCOUNT_PROVIDERS = {
    'google': {
        'SCOPE': [
            'profile',
            'email',
        ],
        'AUTH_PARAMS': {
            'access_type': 'offline',
            # the original nested a second 'AUTH_PARAMS' dict here; a nested
            # dict is not a valid auth parameter, so the key is flattened
            'auth_type': 'reauthenticate',
        }
    }
}

Is this something that is expected and directly tied to the session? Do I need to delete the session upon each logout? I tested by manually removing the user's session data from the database, which yields the proper results. But I'm not sure if that's the right approach, and if it is, how to go about it.


Solution

  • I was able to find the answer through documentation:

    Here, you can pass along an optional process parameter that indicates how to process the social login. You can choose between login and connect:

    <a href="{% provider_login_url "twitter" process="connect" %}">Connect a Twitter account</a>
    

    Furthermore, you can pass along an action parameter with value reauthenticate to indicate that you want the user to be re-prompted for authentication even if he already signed in before. For now, this is supported by Facebook, Google and Twitter only.

    So the HREF for login will look like this:

    <a href="{% provider_login_url "google" action="reauthenticate" %}">Sign in Google account</a>
    

    Here is the documentation I found on PyPI:

    https://pypi.org/project/django-allauth/0.16.1/
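To make the effect of the accepted answer concrete, here is an added example (not code from the question, the answer, or django-allauth itself). It builds the Google authorization URL the way an OAuth 2.0 / OpenID Connect client does from the question's SOCIALACCOUNT_PROVIDERS settings, and shows the one thing that changes when the login link carries action="reauthenticate": a prompt parameter is added, so Google must show its account chooser instead of silently reusing the Google session that is still alive in the browser after a Django logout. The assumption that allauth maps action="reauthenticate" to prompt=select_account is labelled in the code; the client id, redirect URI and state are placeholders. The forces_reprompt check is a small audit helper for verifying a generated login link.

```python
"""Added example: how the Google login URL differs with action="reauthenticate".

Not allauth's code. It mirrors the question's provider settings and the
answer's template parameter using only the standard library.
"""
from urllib.parse import parse_qs, urlencode, urlparse

# Google's OAuth 2.0 / OpenID Connect authorization endpoint.
GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"

# Mirrors SOCIALACCOUNT_PROVIDERS['google'] from the question (flattened).
PROVIDER_SETTINGS = {
    "SCOPE": ["profile", "email"],
    "AUTH_PARAMS": {"access_type": "offline"},
}

# OIDC 'prompt' values that require user interaction at Google.
INTERACTIVE_PROMPTS = {"select_account", "login", "consent"}


def build_auth_url(client_id, redirect_uri, state, action=None,
                   settings=PROVIDER_SETTINGS):
    """Build the redirect URL the browser is sent to when the user clicks
    the provider login link. `action` corresponds to the template
    parameter from the answer, e.g. action="reauthenticate"."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(settings["SCOPE"]),
        "state": state,  # CSRF binding for the callback (placeholder value)
    }
    # AUTH_PARAMS are passed through unchanged, like access_type=offline.
    params.update(settings.get("AUTH_PARAMS", {}))
    if action == "reauthenticate":
        # Assumption: allauth's Google provider turns action="reauthenticate"
        # into an OIDC 'prompt' value. select_account forces the account
        # chooser even when the browser already holds a Google session,
        # which is what lets users on a shared machine switch accounts.
        params["prompt"] = "select_account"
    return f"{GOOGLE_AUTH_ENDPOINT}?{urlencode(params)}"


def forces_reprompt(url):
    """Audit helper: True only if the login link carries a prompt value
    that stops Google from silently reusing its existing session."""
    query = parse_qs(urlparse(url).query)
    prompts = set(" ".join(query.get("prompt", [])).split())
    return bool(prompts & INTERACTIVE_PROMPTS)


if __name__ == "__main__":
    for action in (None, "reauthenticate"):
        url = build_auth_url("CLIENT-ID-PLACEHOLDER",
                             "https://example.invalid/accounts/google/login/callback/",
                             "STATE-PLACEHOLDER", action=action)
        print(f"action={action!r}: forces reprompt={forces_reprompt(url)}")
        print("  ", url)
```

Running the script prints two URLs that differ only in the presence of `prompt=select_account`; the first (plain login) is the case the question describes in Chrome, where a Django logout clears the Django session but the Google session in the browser is untouched, so the next login never reaches the Google login page.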