I'm trying to use Google OAuth 2.0 to authenticate a webpage on my local server.
So far I've got:
- Index.php - This page checks if user is logged into with Google account. If user is not logged in, it goes to login.php.
- Login.php - This page redirects to Google's secure login page if no account is logged in. If only one account is logged in, it picks that and redirects back to index.php.
A logout button on index.php allows the app to logout. It logs out of the session for my webpage page only. The Google account remains logged in for other apps.
Now suppose a case where a previous user has left his account logged in. The next user logs in to the account and realizes that the website is authenticating the previous user. So, I'd want to have a logout button that would get me completely logged out of Google Accounts and then redirect back to my Login.php page.
What I've got so far is clearing the $_SESSION['access_token'] and $_SESSION['USER'], but it only logs out of the app, but not out of Google Accounts.
One approach I've tried is having a link point at https://accounts.google.com/logout in a new tab and my target webpage in the current tab. But this URL logs out of my account but still remembers my ID.
Is there a way to completely logout of Google account in a single click?
Is there a more elegant approach?
