I made my application able to use google outh2.
I made the logout destroy the user entity of the application.
The problem now is that this is not sufficient since if you just click on the google icon you get automatically logged in.
You would say this is the wonderful part of oauth if the user already sign-in on gmail is automatically signed-in on your application without retyping the password.
The problem is for shared workstation. When the user Jack end his work and logout from my application and arrive the user Jane when she click on the google icon she get logged as Jack which is not nice.
Is there a way to invalidate the token? I looked in the api and found setExpireDuration() which may help (but the documentation is very poor at moment)
anyone already found a solution?