Use case: a user signs in to a forum using a Patreon account. The user realizes that they signed in with the wrong Patreon account, and hits log out. However, when hitting login, one is redirected to the Patreon permissions dialog (i.e. not the login form, because we're still signed in to Patreon). It is impossible to sign out from Patreon via the app, and deleting the forum from the interface does not work either.
Expected behavior: the app should completely sign the user out from Patreon.
Oh, isn’t this happening because the user has a Patreon cookie that is doing the login dance automatically?
So the user has to log out in Patreon, and it’s something we can’t control, right?
We cannot force a person to log out of another service, whether it be Google or Patreon or anything else, for what I hope are obvious reasons given the malicious damage you could cause if you could do that…
Well, since this is a native iOS app, can’t you force a cookie eviction or something? Alternatively, we could ask Patreon to provide an API endpoint to do this, as I think it’s pretty much crucial for federated login. The user has given access to the account, so it’s not unreasonable to have logout power.
I don’t think it’s possible to evict cookies of other websites. But we have other options here:
From your Patreon account page, https://www.patreon.com/settings/account, you can unlink the Discourse app which is wrongly connected.
While signing in again using Patreon, on the /oauth2/authorize page, where you will be asked to either “Allow” or “Deny” the permissions, click “Terms of Service” and log out from Patreon on the next page. (Yes, they are missing a “logout” / “switch account” link in the authorize window.)