2 Replies Latest reply on Apr 2, 2015 6:25 AM by user12046129

    Is it possible to force the user to log in again when using OAuth 2 (implicit grant)?




      I'm trying to build an application based on a REST web service in APEX which is being accessed by a JavaScript frontend via ORDS. I'm using the "Implicit grant" flow of OAuth 2.


      When the user is finished with the application, he/she should be able to log out of the application, so another user can log in (on the same machine and browser). But, without clearing all cookies, ORDS will automatically give an access token for the previous user, without showing the login screen to allow/deny access to the REST web service.


      (Clearing the cookies is not possible via JavaScript, since they are HttpOnly.)


      I know it is not the "normal" way to use OAuth 2, but I would like to be able to log out a user. So how can I force ORDS to show the login screen again to give another user the possibility to log in?