How to add logout feature to an OpenID enabled site?

Question

I have recently added OpenID login to my website. But I don't know how to add the logout feature.

For example, on clicking the Sign In button I am able to show the login form of the selected OpenID provider, for example Google Account. However, I don't know how to implement a Sign Out button to sign out of the Google Account.

Please advice.

Answer 1

Individual OpenID providers offer different URLs for logout to which the user can be redirected.

Google: https://www.google.com/accounts/Logout

Yahoo: https://login.yahoo.com/config/login?logout=1

There has been discussion of allowing OPs to provide these URLs as a part of the standard; see this discussion on the OpenID mailing list.

Answer 2

OpenID relying party can't log user out of OP, you can only implement local logout. Just like RP can not log user into OP.

Answer 3

I think you're mixing paradigms (hate that word, but can't think of a better one to use just now). Your login link sends the user to their OpenID provider for authentication, but it's not the user logging in to their Google account that's the important bit, it's logging in to your website, by providing credentials via OpenID. The user may well already be logged in to their OpenID provider; you don't (can't) know and don't have to care.

Similarly, the logout link on your site should log the user out of your site only, returning them to the same state as before they clicked the login button. The user might have logged out of their OpenID provider already; you neither know nor care. This site is a good example :).

Answer 4

Just destroy the session.