humlab-sead / sead_browser_client

Online browser client for the SEAD database

Can't logout #69

Closed johanvonboer closed 4 years ago

johanvonboer commented 4 years ago

When logging out from Google, it automatically logs you back in again when you click the sign-in link, which is bad - it should require authentication after an explicit logout.

johanvonboer commented 4 years ago

It seems there are only 2 choices regarding Google:

  1. Log out the user from Google completely, which will also log him/her out of Gmail and everything else.

  2. Only log out the user from the current application (SEAD in this case), but this does next to nothing since all you have to do is click the sign-in link and it will log you back in again without you having to enter your password. So all this does is prevent the application in question from interacting with your Google account, but it doesn't secure/lock your account from other users on the same computer.

I just feel that this is bad from a UX perspective since it violates the user expectation of their account being secured/locked after having clicked the logout button.

How to proceed?

  1. There's OpenID which is a commendable initiative, but I don't think it has gained much traction.

  2. We could roll our own account system, but if we do, do we run it in parallel with Google or exclusively?

  3. We could just leave it as it is.

johanvonboer commented 4 years ago

Choose option #3 but fix so that you can't save a viewstate without being logged in
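
The behaviour discussed in this thread, as an added example that is not part of the original issue or the SEAD code base: a constructed model in which the identity provider keeps its own session, so an application-only logout is followed by a sign-in without a password, while saving a viewstate is refused whenever there is no application session. All class, method and parameter names are hypothetical, and the user identity is a constructed value.

```python
import secrets


class IdentityProvider:
    """Stands in for Google: its browser session is separate from the app's."""

    def __init__(self):
        self.browser_signed_in = False

    def sign_in(self, password_entered=False):
        # Credentials are only needed when the provider has no live session.
        if not self.browser_signed_in:
            if not password_entered:
                return None  # the provider would show its login form here
            self.browser_signed_in = True
        return "user@example.org"  # constructed identity


class App:
    """Stands in for the application server that stores viewstates."""

    def __init__(self, idp):
        self.idp = idp
        self.sessions = {}    # application session token -> user
        self.viewstates = []  # saved (user, state) pairs

    def sign_in(self, password_entered=False):
        user = self.idp.sign_in(password_entered)
        if user is None:
            return None
        token = secrets.token_urlsafe(32)  # unguessable session token
        self.sessions[token] = user
        return token

    def logout(self, token):
        # Application-only logout: the provider session is left untouched.
        self.sessions.pop(token, None)

    def save_viewstate(self, token, state):
        # The guard: no live application session means nothing is saved.
        user = self.sessions.get(token)
        if user is None:
            return False
        self.viewstates.append((user, state))
        return True
```

Because the check happens on the server against the session table, a token that was valid before logout cannot be replayed to save a viewstate afterwards.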