Log off client from Battle.net

Hi,

Situation: I have a web page with a login button where a user can log in with their Battle.net account. Using the authorization flow I can show the user’s tag name and such. This is all fine.

What I would like to achieve though, is a “log off” button. This way the user can log off and possibly log in with a different battle.net account. Kind of like the Blizzard site.

Question: I am not sure where this should be implemented.
Is it somewhere in the OAUTH flow or is this something that is managed on the browser side?

In order to achieve this you have to redirect the user to battle.net logout page. If you trace the logout process from this forum you’ll see a redirect to: https://battle.net/login/logout and a ref queryString param that I assume is a redirect uri for after the logout process.

IMPORTANT: This will sign out the battle.net account, meaning the SSO (single sign on) cookie will be invalidated and all services using that such as Blizzard’s forum, store, account management, etc will also be signed out.

Technically, you don’t need to redirect them off your site. Having your web app try to load an “image” at https://battle.net/login/logout will also clear the SSO cookies in the browser and keep the user on your page.

Obviously the image won’t work (since it’s supposed to be a web page) but just hide the thing off the screen and nobody will know.

This isn’t an official supported use but I’ve done this for a couple years and it’s been working fine.

Thanks guys! Works like a charm!

I don’t think the img trick works anymore, because of the same site cookie property. Chrome for example, blocks battle.net cookies when the img is on a different domain.

Blizzard uses “SameSite=None” on all its login cookies, so technically it should still work as before.

However, if you tell Chrome to “block third-party cookies,” that user preference will break the img method of logout.

When I disabled that “block third-party cookies” preference in Chrome, the img method worked on my site. We should still find an alternative method, of course, but just setting the record straight on the cause of the issue.