bhickey
commented
13 years ago During implementation I looked into shredding the Google credentials after they were used for auth and relying on our own token. Trouble is that the API call to drop credentials logged the user out of other Google services.
Logging out will shred the user's WeScheme credentials. However, if the user has active Google credentials and clicks login, the server will use those to reissue WeScheme credentials without requesting a password.
dyoo
Melissa Xie reports that logging out doesn't seem to really clear out the google login key, so that if one does a login, it automatically logs in using the existing google credentials.