Solved: How to logout from an integration?

mark@avarobotics.com · ‎08-09-2022

I have a webex integration, where I'd like to allow the user to enter different webex credentials for the grant flow that gives permission for my integration to use webex APIs. Is there something like a request to https://webexapis.com/v1/logout that will invalidate all tokens and cookies or whatever webex is using?

Currently, if my web app starts a new grant flow by going to https://webexapis.com/v1/authorize, then webex simply skips the login pages, doesn't give the user a chance to enter webex credentials, it uses the same credentials the user entered before. I think the cookies the browser has for idbroker.webex.com are triggering the webex authentication to skip the login pages.

What can my app do to allow the user to enter new webex credentials in the webex integration grant flow?

Jeff Marshall · ‎08-15-2022

The OAuth flow does support some of the OpenID parameters.
For example, if you include &prompt=select_account in your OAuth authorization URL the user will be given the option to enter a different email address and therefore login with a different account.

View solution in original post

Jeff Marshall · ‎08-15-2022

The OAuth flow does support some of the OpenID parameters.
For example, if you include &prompt=select_account in your OAuth authorization URL the user will be given the option to enter a different email address and therefore login with a different account.

mark@avarobotics.com · ‎08-16-2022

Thanks Jeff, the parameter &prompt=select_account gives us the behavior we are looking for!

dstaudt · ‎08-15-2022

Jeff, would like to get more info on this, i.e. any other available OpenId parameters besides 'prompt'..?

Jeff Marshall · ‎08-15-2022

The ones I'm aware of other than that one are these:
&email=user@example.com - It will bypass the screen that asks for the user's email. Mostly only useful if the org has SSO and they can use it to bypass the Webex sign-in screen so the user is taken directly to their SSO sign-in.

&forceAuth=true - It will prompt the user to enter a password again but the email will still be whatever they were logged in with previously.

Rudrakshi · ‎08-09-2022

You may use the Authorizations API with the DELETE method to revoke access and refresh tokens. Deleting a refresh token will revoke all associated access tokens as well.

Hope this help!

Best regards,
Rudrakshi Srivastava

Advait · ‎08-10-2022

We tried this but this does not clear session cookies, it still skips the login page until the user leaves meeting and rejoins.

Raffaele Lagana · ‎08-11-2022

Is this use case a common use case for you? Where you have users who need to log out from the browser session and login with another webex user?

Or is it a one-time thing? If it's a one-time thing then you can simply delete the 'webex.com' and 'idbroker' cookies from the browser.

The way the webex user experience functionality is built means that session cookies will be stored in the browser and there is no API to remove those. This is based on the fact most users would only have one webex user and so wouldn't need to log out and login with another user.

If you do have a use case where you regularly have webex users needing to log out and login with another webex users, then you may need to look up ways through code logic to remove the cookies I mentioned above. I think it is possible through code to remove cookies, did a quick google search and I see ways of doing it through php and jQuery. Haven't done it before myself, but looks possible. You would need to test this however.