0

I've been looking through the Google Sign-In guides and it says to use the signOut function (https://developers.google.com/identity/sign-in/web/sign-in) for it's self-described purpose. I understand that it doesn't sign you out of Google (that would be frustrating), but I don't understand what it actually does. Does it switch some "logged in" variable from true to false? If so, how do I check it? The reference doesn't provide much detail https://developers.google.com/identity/sign-in/web/reference#googleauthsignout

Rice_Crisp
  • 1,242
  • 1
  • 16
  • 33
  • It looks like it disconnects the current application from the Google account. I don't know *HOW* it does that, but my guess is that it invalidates or removes a token that's stored in a cookie. (Or localstorage) – theGleep Oct 10 '17 at 19:19
  • Cookies are unchanged and localstorage isn't being used. And if I refresh the page, everything looks like it's still signed in. – Rice_Crisp Oct 10 '17 at 19:28

1 Answers1

0

The way Google Sign-In for Websites works is that users coming back to your website will be automatically signed-in with no prompt or action necessary.

When using signOut() this doesn't happen and the user will have to sign-in again. Signing out doesn't revoke any permissions though, but only removes any currentUser information form the current session. When the user then decides to sign-in again they will be logged in right away without a new permission prompt.

To disconnect a user completely and revoke all permissions/tokens there's the extra disconnect() method.

One thing to note is that the signOut functionality only works if you have deployed your website to some hosting. So if you are testing on localhost you won't see the expected behavior. Not sure why that is the case, but I have encountered this problem in the past, but signOut worked as expected as soon as the website was deployed.

To keep your website updated with the current sign-in state you should be listening to isSignedIn and/or currentUser changes, that will also trigger when the user signs out: https://developers.google.com/identity/sign-in/web/listeners

Scarygami
  • 15,009
  • 2
  • 35
  • 24
  • Well the whole "doesn't work with localhost" makes this pretty hard to test. Added the event listener code and, as you said, the currentUser listener works but the isSignedIn does not. Kinda disappointed with Google's lack of information/consistency on this. – Rice_Crisp Oct 10 '17 at 20:22
  • Can confirm that you are correct. Changed my host file to give the localhost a url and it works. Frustrating that information isn't conspicuously shown on the reference site. Thanks. – Rice_Crisp Oct 10 '17 at 20:50