How to obtain the user_id so I can issue a logout API call

sso
1

I searched into many differents posts about SSO logout. But i didn’t found my answer.
We want to setup the SSO LOGOUT.
You also have to know that we implemented SSO.

What is the query, that can return the UID, when i input username.

With that query we will be able to logout a user on the forum that just logout from the main website

This is the closest answer i found.

Can’t we just use sso,sig and token to identify ourself to the forum ? i mean by that that the main website already has those information, is there any way to use it to identify the user we want to logout

2

GET https://example.com/u/USERNAME.json

Since you implement SSO, you have the external_id of the user, so you can use:

GET https://example.com/u/by-external/EXTERNAL_ID

2 Likes
3

Thanks great helping, It’s working for
https://example.com/u/USERNAME.json Where i can find myself by replacing example.com (by the forum url) and USERNAME (by my username)

but for
https://example.com/u/by-external/EXTERNAL_ID

When i tryed the same logic : Replacing example.com by the forum url and replacing EXTERNAL_ID by : 1,2,3 and some random value.

4

For the external you need the extension too, so

GET https://example.com/u/by-external/EXTERNAL_ID.json

1 Like
5

Big thanks to you Falco, your help has been VERY valuable, and as always your aswer very fast :smiley:

So the ‘How to obtain user_id’ is now solved, but we are still trying to logout him

1 Like
6

What you gave us, is an url that only an admin can use to logout an user. is there any equivalent for a non admin person ?

Or can we make a querry as admin and make that querry not only leading to the logout page but actually disconnecting him

7

https://meta.discourse.org/t/discourse-sso-logout/28509/10?u=falco

3 Likes
8

Nice, Where in the querry should i supply the api key of an admin account?

Taking as example api key = XX and user UID = 50

https://forum-website.com/admin/users/50/log_out

Update:

I found a post talking about this is this the answer i was looking for ?

https://forum-website.com/admin/users/50/log_out?api_username=exampleAdmin&api_key=theKeyFromTheConsole
9

So yeah it was the right syntax but :
https://forum.[website].com/admin/users/[UID]/log_out?api_username=[username]&api_key=[api_key] It’s just leading to an admin page where i can manually disconnect the user.

i also tryed in incognito mode and the querry did’nt went threw it just said that i had been disconnected ( my admin account is’nt connected to the main website because of incognito mode) but as i puted the admin key in the querry it should work right ?

10

that should be a POST, not a GET?

4 Likes
11

test
test.png1431×104 29 KB

This is what we have as result when we try this querry via POST, in the terminale.

Edit: I modified a get querry sent from browser, into a post then it worked. Thanks i’ll keep you up. To know if i close the thread :slight_smile:

12

So with a GET querry modified and send again as a POST, to disconnect a user, we have the modale that open to : “say you’ve been disconnected click refresh”

So that is a good sign, but when we click refresh, it just start a infinite loop that lead to a “Bad redirection page”
As you can see on that screenshot:

multiple-redirections%20(2)
multiple-redirections (2).png1920×1080 107 KB

Question is : What do we have to do to avoid the bad redirection, it looks like it’s because as the user is disconnected from main website and just been disconnected from forum, the forum keep asking to the main website if some one is connected. But when i tryed to fill the logout redirection, It’s changing nothing :confused:

13

The site setting logout redirect should point to somewhere no under auth, like your main site homepage or even https://google.com.