Question

Logging out with OAuth 2.0

  • 22 July 2024
  • 2 replies
  • 66 views

In my product, I have integrated Calendly using OAuth 2.0.
When a user logs in, it stores cookies on their domain, calendly.com.
The problem is that when the user signs out and signs in again, because those cookies are already stored, it does not ask for credentials and logs in with the previous account automatically.
At logout, I also invoke the revoke token endpoint API provided by Calendly.

2 replies

Calendly does not manage a logged-in / logged-out state via OAuth. Each request to Calendly is authenticated via a unique OAuth token. Each time you make a request to Calendly (whether or not a user is logged into your app) you will need to use a refresh token to acquire an access token and then use that access token to make a request. You also do not need to revoke tokens when a user logs out of your account. Access tokens are automatically revoked when they are used.

I do revoke the token when the user logs out. Let me share the relevant code in C#.

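    using System.Net;
    using System.Net.Http;

    // Posts the form-encoded revoke request to the OAuth revoke endpoint.
    async Task<BaseOutput<RevokeToken>> RevokeClientTokenRequestMethod(FormUrlEncodedContent content)
    {
        HttpRequestMessage httpRequest = new(HttpMethod.Post, $"{UrlType.OAuth}{UrlType.RevokeToken}")
        {
            Content = content
        };
        HttpResponseMessage response = await _httpClient.SendAsync(httpRequest);
        string responseContent = await response.Content.ReadAsStringAsync();
        if (response.StatusCode is not HttpStatusCode.OK)
        {
            // Any non-200 response is parsed as an AuthError and handed to HandleError.
            AuthError error = Helper.DeserializeObject<AuthError>(responseContent, _options);
            HandleError(error);
        }
        RevokeToken revokeToken = Helper.DeserializeObject<RevokeToken>(responseContent, _options);
        return BaseOutput<RevokeToken>.GetOutput(revokeToken);
    }

    private async Task<T> ExecuteRequest<T>(Func<Task<T>> action)
    {
        // Note: FormUrlEncodedContent already sets Content-Type on the request body.
        // If HeaderTypeKey.ContentType is "Content-Type" (its value is not shown here),
        // HttpClient.DefaultRequestHeaders.Add rejects it as a content header and
        // throws InvalidOperationException.
        _httpClient.DefaultRequestHeaders.Add(
            HeaderTypeKey.ContentType,
            HeaderTypeValue.ApplicationXWwwFormUrlEncoded);
        return await action();
    }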

When a user connects with my application using OAuth 2.0, it stores these cookies on their calendly.com domain.

Cookies stored at calendly.com

Hence, when I revoke the user's tokens (both access and refresh) at the logout event, it still logs in again directly.
