How to revoke an authentication token client side against the Google Api

问题

I am trying to revoke a token using the Google Api client side code.

My code looks something like this:

$.get("https://accounts.google.com/o/oauth2/revoke?token=" + accessToken, function () {
        window.location.reload();
    }); 

And I am getting the following error?

XMLHttpRequest cannot load https://accounts.google.com/o/oauth2/revoke?token=tokenishere Origin http://balblabla.com is not allowed by Access-Control-Allow-Origin.

回答1:

After some research I found out that you can get around the cors restriction by specifying a dataType: 'jsonp' option in your jquery ajax request. The relevant info is here: https://developers.google.com/+/web/signin/disconnect

$.ajax({
  type: 'GET',
  url: revokeUrl,
  async: false,
  contentType: "application/json",
  dataType: 'jsonp',
  success: function(nullResponse) {
    // Do something now that user is disconnected
    // The response is always undefined.
  },
  error: function(e) {
    // Handle the error
    // console.log(e);
    // You could point users to manually disconnect if unsuccessful
    // https://plus.google.com/apps
  }
});

回答2:

Following on from @krg's comment:

Based on the error it looks like you cannot do this on this client. Perhaps you'll need a server-side script to handle the request from within your domain. You can also explore this solution. Here's a jsFiddle example using the solution.

I have done this on the server side, using the same code:

$.ajax({
     url:"https://accounts.google.com/o/oauth2/revoke?token=10100101",
     dataType: 'jsonp', // Notice! JSONP <-- P (lowercase)
     success:function(json){
         console.log(arguments);
         // do stuff with json (in this case an array)
         alert("Success");
     },
     error:function(){
         alert("Error");
     },
});

which works.

回答3:

Now jsonp does not work. They have change content type to "application/x-www-form-urlencoded",

    $.ajax({
        type: 'GET',
        url: "https://accounts.google.com/o/oauth2/revoke?token=dsfgdfsg.98sdfgsdfg9sd8fgsdfgs.sdfg89dsfg",
        async: false,
        contentType: "application/x-www-form-urlencoded",
        success: function(nullResponse) {
            // Do something now that user is disconnected
            // The response is always undefined.
        },
        error: function(e) {
            console.log(e)
        }
    });

来源：https://stackoverflow.com/questions/12809339/how-to-revoke-an-authentication-token-client-side-against-the-google-api