8

I successfully implemented login with Google using the example code provided by Google.

However, I'm not sure how I should use this 'backend-server authentication' thingy.

It is provided at: https://developers.google.com/identity/sign-in/web/backend-auth

I'm developing a website that requires Google login and Google Drive. The program flows as follows:

  1. The user logs in to the website using a Google account
  2. The User writes some text
  3. The User saves(uploads) to the user's google drive

Before I implement the Google Drive API, I think I need to handle the Google login system, but I'm not sure how to do it.

Currently, my website goes as 1. User logs in / 2. User logs out / 3. Then the website does not ask for the Google account, it just logs the previous user in.

Does 'backend-server authentication' give an answer to my questions below?

I understand that it is the same issue as this: How to Logout of an Application Where I Used OAuth2 To Login With Google? I understood the meaning of the answer, but I cannot find a way to implement just "log out from the app, not Google."

So, to wrap it up, I have two questions:

  1. How do I use backend-server authentication? (Specifically, the token verifying point)
  2. How do I log out of my web app, not Google? And is it related to question 1? (Specifically, if a user logs off from the web app, then another user should be able to log in by entering their ID and password)
Community
Paul K

2 Answers

4

From this section of the documentation:

You can enable users to sign out of your app without signing out of Google by adding a sign-out button or link to your site. To create a sign-out link, attach a function that calls the GoogleAuth.signOut() method to the link's onclick event.

Dan Cornilescu
  • I tried this, and it successfully signs out the user. However, if I click the login with Google again (without turning off the browser), then the same user is logged in. I wonder if another user could log in without turning off the browser. – Paul K Oct 12 '15 at 15:09
  • Yes. On a Google page (search/gmail/calendar/etc) you can add another Google identity or, for some pages, switch between multiple identities - top right dropdown menu. After choosing a different identity when logging back in to your app from the same tab/window the new identity will be used. You can have different tabs/windows with different identities at the same time. I'm using this for testing authentication (Google Identity Toolkit-based, tho) for my apps with Firefox and Chromium. – Dan Cornilescu Oct 12 '15 at 15:25
  • Thanks for the reply, then do you mean that I should implement Google identity toolkit that you've mentioned with the sign-in button? – Paul K Oct 12 '15 at 15:27
  • No, the reference to GIT was just a note, you're using whatever authentication scheme works better for your app (GIT is better for mine). The Google identity that a browser tab/window "holds" at some moment is the same regardless of the visited site or its authentication scheme. – Dan Cornilescu Oct 12 '15 at 15:37
  • and also, my web page is for different users, not a user who has multiple identities. (if I understood correctly) In this way, how could I solve it? By just redirecting to the first page? (I don't think this would solve it though .... Very confusing..) – Paul K Oct 12 '15 at 15:37
  • Each user browser will have their own identity in their browser. That identity will be used when logging in to your app. The login button/link can theoretically be on any of your app's pages, as needed, a redirect to a first page is not normally necessary (unless your specific app's operation/flow requires it). – Dan Cornilescu Oct 12 '15 at 15:44
  • Sorry to interrupt you several times. For example, my web page shows the first page to sign in, and when the user succeeds with his/her google account, then it would flow to the actual page, to deal with some text data for the user. And when the user is finished, the user will click sign out, the signOut you've mentioned, redirecting to the first sign-in-button showing page. In this case, could redirecting solve the 'moment' of the authentication process? – Paul K Oct 12 '15 at 15:56
  • Normally each HTTP request is standalone, without knowledge of other requests. To implement a certain flow between related requests, like the one you describe, you need some sort of session management. Multiple possibilities out there, this Q&A shows some examples: http://stackoverflow.com/questions/1700390/best-option-for-session-management-in-java – Dan Cornilescu Oct 12 '15 at 16:31
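
An added example, not part of the original answers or of Google's documentation: one way to keep an app-level session on the server (Node.js), so that signing out ends the session in the web app while the Google session stays untouched and a different user can sign in afterwards. It assumes the ID token's signature has already been verified with a Google API client library and only performs the remaining claim checks (`aud`, `iss`, `exp`); `CLIENT_ID`, the function names and the in-memory store are illustrative.

```javascript
const crypto = require('crypto');

// Constructed placeholder; use the OAuth client ID of your own app.
const CLIENT_ID = 'example-client-id.apps.googleusercontent.com';
const ISSUERS = new Set(['accounts.google.com', 'https://accounts.google.com']);
const SESSION_TTL_SEC = 3600;
const sessions = new Map(); // sessionId -> { sub, expiresAt } (in-memory, for the demo)

// `claims` is the payload of an ID token whose signature has ALREADY been
// verified with a Google API client library. Returns null or a rejection reason.
function checkClaims(claims, nowSec) {
  if (!claims || typeof claims.sub !== 'string' || claims.sub === '') return 'missing sub';
  if (claims.aud !== CLIENT_ID) return 'wrong audience';
  if (!ISSUERS.has(claims.iss)) return 'wrong issuer';
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return 'expired';
  return null;
}

// Starts an app session for the Google account identified by `sub`.
function login(claims, nowSec = Math.floor(Date.now() / 1000)) {
  const reason = checkClaims(claims, nowSec);
  if (reason) throw new Error('ID token rejected: ' + reason);
  const sessionId = crypto.randomBytes(32).toString('hex'); // unguessable ID
  sessions.set(sessionId, { sub: claims.sub, expiresAt: nowSec + SESSION_TTL_SEC });
  return sessionId; // hand to the browser in an HttpOnly, Secure cookie
}

// Resolves a session cookie value to a user, or null if unknown or expired.
function currentUser(sessionId, nowSec = Math.floor(Date.now() / 1000)) {
  const s = sessions.get(sessionId);
  if (!s) return null;
  if (s.expiresAt <= nowSec) { sessions.delete(sessionId); return null; }
  return s.sub;
}

// App sign-out: forget the server-side session. The Google session is untouched.
function logout(sessionId) {
  return sessions.delete(sessionId);
}
```

On sign-out, the server-side `logout` here would be called alongside the client-side `GoogleAuth.signOut()` quoted in the answer above.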
-2
%a{:href => "https://mail.google.com/mail/u/0/?logout&hl=en"} sign-out of google account 

Attach this link in your views. This will sign you out of Google.

Laurel
vishnu