I am using Actions on Google (on mobile phone Google Assistant) and by using its Account Linking I am logged in to Auth0 (log-in window: image).

However, I want to log out from Auth0 whenever I want so that I can test the whole procedure from the beginning.

I wrote the following source code in Python and Flask following the Auth0 docs (https://auth0.com/docs/logout).

from flask import Flask, render_template, request, jsonify, session, redirect
import os
import requests

app = Flask(__name__)
@app.route("/", methods=['GET', 'POST'])
def index():

    session['user'] = 'Poete_Maudit'

    data = request.get_json()

    if data is not None:
        action = data["queryResult"]["action"]
    else:
        return 'HERE'

    # Triggers actions.intent.SIGN_IN which leads to Auth0
    if (action == 'sign'):

        return jsonify({"payload": {
                    "google": {
                        "expectUserResponse": True,
                        "isSsml": False,
                        "noInputPrompts": [],
                        "systemIntent": {
                            "data": {
                                "@type": "type.googleapis.com/google.actions.v2.SignInValueSpec"
                            },
                            "intent": "actions.intent.SIGN_IN"
                        }
                      }
                     }
                    })
    # I have other if statements below which retrieve the access token 
    # and do in general other stuff on Actions on Google app
    # but it is too long to include it here

@app.route('/logout')
def logout():
    session.clear()
    return redirect('https://project_id.eu.auth0.com/v2/logout?returnTo=http://127.0.0.1:5000')

if __name__== "__main__":
    app.secret_key = os.urandom(24)
    app.run(debug=True)

After I have executed the whole log-in procedure one time, I then manually go (from the browser) to http://127.0.0.1:5000/logout, which successfully redirects me to http://127.0.0.1:5000. At the Python console I am getting:

127.0.0.1 - - [06/Jun/2018 14:09:04] "GET /logout HTTP/1.1" 302 -
127.0.0.1 - - [12/Jun/2018 11:03:16] "GET / HTTP/1.1" 200 -

and at the Auth0 logs section I am getting Success Logout (image).

However, when I again restart the whole process on the mobile phone Google Assistant, the log-in window does not appear and I am again already logged in to Auth0 with the same accessToken.

How can I properly log out by clearing the session and/or the cookies on http://127.0.0.1:5000 and hence make the Auth0 log-in window appear again?

P.S.

1) Keep in mind please that for now I am doing all this with Python and ngrok. If I restart the ngrok session then the log-in window re-appears but obviously I want to do this programmatically.

2) Do not take anything for granted please. I may be missing something very elementary in what I am doing so please feel free to ask me even very elementary questions about this.

2 Solutions

#1


4

I have sent a message about it to Google Support and I got the following answer:

To unlink your account you can use this link (https://gala-demo.appspot.com), in the field Service ID enter the project ID and add "_dev" at the end (in your case it will be "Dnipro-Chatbot_dev"), then click Unlink My Accounts.

Moreover, I asked them if I can do this programmatically (rather than only manually as above) and I got the following answer:

I'm not sure if this is possible to do in Python, but you can try following: If you can send back a 401 status code from your oauth token exchange endpoint. The 401 will tell AoG that the access token is invalid and force AoG to initiate the account linking flow again. Hope this can help you.

In conclusion, you can certainly use the link above to unlink the account, as I tested it and it works fine. Regarding the second answer, I am not sure that this is exactly possible, at least in the way it is stated. You cannot really send a 401 status code programmatically from Auth0. What you can do on Auth0 is to set the expiration time of the JWT of your Auth0 app very low (e.g. 60 seconds) and in this way force the access token to be revoked. But again, this is not really a programmatic solution and I have not tested it yet.
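
The two ideas in this answer (a 401 from the token exchange endpoint, and a 60-second token lifetime) put together, as an added example that is not part of the original answer and not Auth0's API. It assumes a hypothetical self-hosted token endpoint; `TokenEndpoint`, `link`, `unlink`, `exchange` and `is_valid` are names invented here, and the 401 status follows the support reply quoted above.

```python
import secrets
import time

ACCESS_TTL = 60  # seconds: the short lifetime suggested in the answer


class TokenEndpoint:
    """Hypothetical self-hosted OAuth token endpoint (not Auth0's API)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.refresh_tokens = {}  # refresh token -> user
        self.access_tokens = {}   # access token -> (user, expiry timestamp)

    def link(self, user):
        """End of account linking: hand the client a refresh token."""
        token = secrets.token_urlsafe(32)
        self.refresh_tokens[token] = user
        return token

    def unlink(self, user):
        """Programmatic logout: drop every token issued to this user."""
        self.refresh_tokens = {t: u for t, u in self.refresh_tokens.items() if u != user}
        self.access_tokens = {t: v for t, v in self.access_tokens.items() if v[0] != user}

    def exchange(self, form):
        """Handle a refresh_token grant; returns (HTTP status, JSON body)."""
        if form.get("grant_type") != "refresh_token":
            return 400, {"error": "unsupported_grant_type"}
        user = self.refresh_tokens.get(form.get("refresh_token", ""))
        if user is None:
            # Status taken from the support reply quoted above: 401 tells the
            # client the grant is gone, so account linking has to start over.
            return 401, {"error": "invalid_grant"}
        access = secrets.token_urlsafe(32)
        self.access_tokens[access] = (user, self.clock() + ACCESS_TTL)
        return 200, {"token_type": "Bearer", "access_token": access,
                     "expires_in": ACCESS_TTL}

    def is_valid(self, access_token):
        """Resource-side check: unknown or expired access tokens are rejected."""
        entry = self.access_tokens.get(access_token)
        return entry is not None and self.clock() < entry[1]
```

Wired into a Flask route, `exchange(request.form)` supplies the status code and JSON body of the response.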
