amazon-archives / amazon-cognito-auth-js

The Amazon Cognito Auth SDK for JavaScript simplifies adding sign-up, sign-in with user profile functionality to web apps.
Apache License 2.0

signout function does not signout Google #68

Open railsstudent opened 6 years ago

railsstudent commented 6 years ago

I could use the SDK to authenticate by Google account without problem. After I call signout() to sign out from web app, the google account is not really signed out. When I attempted to login again, the same google account is used for authentication while I wished to use a different google account.
What is the proper way to log out of google account such that account chooser is loaded for me to select account?
The workaround is to go to gmail.com to actually log out before returning to the app to log in again. This is not a very good user experience and introduces a security issue because another person can use that computer to log in without typing email and address.

lucasgao commented 6 years ago

clean cookies after signout

yuntuowang commented 6 years ago

@lucasgao is correct, browser will store the google sign in info in cookies. You need to clean cookies after sign out of your app.

railsstudent commented 6 years ago

Is there an API to clear cookies that store the Google sign-in token, etc.?

yuntuowang commented 6 years ago

@railsstudent Basically Cognito will clear Cognito cookies in the browser once you click "sign out". But Google cookies won't be cleared. You may look into the Google API to see if there is a way.

We will look into this issue and work on it for sure!

railsstudent commented 6 years ago

I created an iframe that calls https://accounts.google.com/Logout. A hack until a better solution is found.

yuntuowang commented 6 years ago

@railsstudent, awesome!

bskinny commented 6 years ago

Signing out of Cognito Auth should not sign the user out of Google. A user can be signed into Google beforehand and should stay signed in after any Cognito logout. Correct?

yuntuowang commented 6 years ago

Hi @bskinny, yes. Basically Cognito will clear Cognito cookies in the browser once you click "sign out". But Google cookies won't be cleared.

bskinny commented 6 years ago

@raphadko Have you tried running the sample? Authenticating with the Google external identity provider works, but perhaps using the sample application will determine if your problem is with AWS or Google configuration.

raf202 commented 6 years ago

Yes I used the sample.

howard-lin-zocdoc commented 6 years ago

I'm facing the same problem. What I need is the ability to switch Google accounts. Even after the user is logged out with Cognito, Google still remembers the last account used to log in. Users end up in a login loop and have no option to select another account.

Google Sign In Web supports prompt=select_account to always show the account chooser.

I think the feature request here is to have Cognito also support adding this query parameter when landing on Google login page.

Search for select_account in Google's documentation. https://developers.google.com/identity/sign-in/web/reference#googleauthsigninoptions
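The parameter mentioned above, as an added example that is not part of the thread or of the SDK: for an app that builds the Google authorization request itself rather than through Cognito, `prompt` is a space-delimited list, so `select_account` has to be merged with any existing value and cannot be combined with `none`. The function names, client ID, redirect URI and state value are hypothetical, constructed placeholders.

```javascript
// Added example, not SDK code. All sample values below are constructed.
const GOOGLE_AUTH_HOST = 'accounts.google.com';

// Constructed sample authorization request (placeholder client_id, redirect_uri, state).
const SAMPLE_AUTH_URL =
  'https://accounts.google.com/o/oauth2/v2/auth' +
  '?client_id=EXAMPLE_CLIENT_ID.apps.googleusercontent.com' +
  '&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback' +
  '&response_type=code&scope=openid%20email&state=constructed-state';

// Return a copy of authUrl whose "prompt" list includes select_account,
// so the account chooser is shown even when a Google session cookie exists.
function withAccountChooser(authUrl) {
  const url = new URL(authUrl);
  // Only touch requests that really go to Google's authorization host over HTTPS.
  if (url.protocol !== 'https:' || url.hostname !== GOOGLE_AUTH_HOST) {
    throw new Error('not a Google authorization URL: ' + url.origin);
  }
  // OpenID Connect: prompt is a space-delimited, case-sensitive list.
  const values = (url.searchParams.get('prompt') || '').split(' ').filter(Boolean);
  // prompt=none means "no UI at all" and must not be combined with other values.
  if (values.includes('none')) {
    throw new Error('prompt=none cannot be combined with select_account');
  }
  if (!values.includes('select_account')) values.push('select_account');
  url.searchParams.set('prompt', values.join(' '));
  return url.toString();
}

// Check used before redirecting: does this request force the account chooser?
function showsAccountChooser(authUrl) {
  const prompt = new URL(authUrl).searchParams.get('prompt') || '';
  return prompt.split(' ').includes('select_account');
}
```

On a shared computer this closes the gap described in the thread at the application's own sign-in step; the Google session cookie itself is still present in the browser.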

yuntuowang commented 6 years ago

Hi @howard-lin-zocdoc, I get your point. Basically, since once you click sign-out, google cookie won't be cleared. So you won't be redirected to the google page to choose an account to sign in.

howard-lin-zocdoc commented 6 years ago

@yuntuowang Yup, I think there is no way we can clear cookies under Google's domain. Can you comment on whether adding prompt=select_account is something you guys will do?

yuntuowang commented 6 years ago

I will mark this as a feature request on your behalf. For sure, it will be in our feature request queue, however I cannot comment on the delivery time of it now.

fgrillo commented 5 years ago

@yuntuowang any news regarding this issue? I'm also experiencing this, users are not prompted to select the google account after they choose one for the first time.

rioastamal commented 4 years ago

@yuntuowang Any update? If we use Hosted UI we have the option to "Sign in as different user" when using a Google account.

NivethaMuthukumar commented 4 years ago

re request on your behalf. For sure, it will be in our feature request queu

@yuntuowang any update regarding this? I'm also facing this issue

rakesh0r commented 4 years ago

@yuntuowang any update? I'm also facing this issue

chvenkataraman commented 4 years ago

We are also facing the same issue. This is the usual requirement to go to prompt again for login after logout - instead of considering the same previous user. @yuntuowang: Can we make this as priority (by changing to some other instead of feature request)?

jorgexgb commented 4 years ago

@yuntuowang any updates on this? This really affects user experience. It's been 2 years now since people started reporting this. Any way to expedite this?