I have a flutter web app that where users log in with their Google Workspace account.
In my scenario, I need the app to allow the user to log out, so that another user can quickly log in to that same workstation/browser/tab, because the business requires multiple users to operate on the same workstation frequently throughout the day.
The login/logout workflow works fine using the Chrome browser. My problem arises when a different user wants to log in. They click the "log in" button, and rather than be presented with the Google OAUTH workflow again, the previous user's credentials are still persisted and that user is logged back in instead.
I need to fully invalidate the user credentials when they log out. However, I've not yet found a way to do this with Firebase Authentication. Firebase does indeed log them out, but some caching process is persisting that token.
I tried:
final auth = FirebaseAuth.instance;
await auth.setPersistence(Persistence.NONE);
But that doesn't work. The token is still retained in memory for that browsing session, such that even if I close the browser tab and re-open an new one, click "log in" the Firebase Auth workflow still logs in the previous user token rather than offering up the standard google OAUTH login prompt.
How do I fully invalidate a credential when they log out?
My guess is that the Google sign-in is still persisted, not so much the Firebase sign-in.
So when the new user clicks sign-in, the code sees there's an active Google sign-in and picks that up. You'll need to either sign-out of Google (too) or revoke the app's OAuth privileges/connection.
For an example of the latter, see Google Firebase sign out and forget user in Android app