diff --git a/oauth3.core.js b/oauth3.core.js
index dacc5eb..2467190 100644
--- a/oauth3.core.js
+++ b/oauth3.core.js
@@ -821,7 +821,7 @@
       var logoutReq = OAUTH3.urls.logout(
         directives
       , { client_id: (opts.client_id || opts.client_uri || OAUTH3.clientUri(OAUTH3._browser.window.location))
-        , windowType: 'popup' // we'll figure out background later
+        , windowType: 'popup' // TODO: figure out background later
         , broker: opts.broker
         //, state: opts._state
         , debug: opts.debug
@@ -964,6 +964,11 @@
             , status: xhr.status
             });
           };
+          xhr.ontimeout = function () {
+            var err = new Error('ETIMEDOUT');
+            err.code = 'ETIMEDOUT';
+            reject(err);
+          };
 
           if (preq.progress) {
             xhr.upload.onprogress = function (ev) {
@@ -981,6 +986,9 @@
           // For assets.example.com/assets
           xhr.withCredentials = true;
 
+          if (preq.timeout) {
+            xhr.timeout = preq.timeout;
+          }
           if (preq.data) {
             headers['Content-Type'] = 'application/json'; // TODO XXX TODO utf8
           }
diff --git a/oauth3.node.js b/oauth3.node.js
index 37b4d98..efa25c6 100644
--- a/oauth3.node.js
+++ b/oauth3.node.js
@@ -44,6 +44,7 @@ OAUTH3._node.request = function(preq/*, _sys*/) {
     method: preq.method
   , url: preq.url || preq.uri
   , headers: preq.headers
+  , timeout: preq.timeout || undefined
   , json: preq.data || preq.body || preq.json || undefined // TODO which to use?
   , formData: preq.formData || undefined
   };