Preventing automatic sign-in when using Google+ Sign-In

how do i stop google from automatically signing me in?
how do i stop gmail from automatically signing me in
how do i stay signed in to my google account?
how do i stop google from automatically signing me out
chrome keeps logging me out of websites
chrome auto sign-in
enable automatic sign in gmail
disable sign in with google

I am in the process of integrating Google+ sign in with my site, which also lets users sign in with Twitter and Facebook. The sign in page of the site therefore has 3 buttons, one for each of the services.

The issue I am having is in the following scenario:

  • user goes to the sign in page
  • user signs in successfully with G+
  • user signs out of my site (but the account is still associated with G+, signing out of the site does not disconnect the G+ account)
  • user visits the sign in page again
  • at this stage the Sign in with G+ button is rendered and automatically signs the user into the account associated with G+ without the user having to click the button

The problem is that on revisiting the sign in page, I want the user to have the option of signing in with another service, rather than automatically being signed in with G+. If the user wants to sign in with G+ then they can do so by clicking the button - the user will then be signed in automatically.

Is it possible to prevent this automatic sign in on button render? I can simulate it by using the data-approvalprompt="force" as an attribute on the button, but I don't think this is an ideal solution (the user then has to go through the confirmation process, which I would ideally would like to prevent)

Update

The best supported way to prevent automatic sign-in is to use the API method gapi.auth2.getAuthInstance().signOut() which will prevent automatic sign-in on your site after it has been called. Demo here.

In the demo, the user is signed out when they leave the page as shown in the following code:

window.onbeforeunload = function(e){
  gapi.auth2.getAuthInstance().signOut();
};

Now, whenever the user exits the site (e.g. closes the window, navigates away), they will be signed out and the sign in button will not trigger sign-in until the user clicks it.

I don't recommend you do this in your own implementation but instead allow the user to explicitly sign out when they no longer desire want to be signed in. Also, please note that my example is a demo, you probably do not want to sign the user out automatically any time they leave your site.

Original Post

First, you should not be using data-approvalprompt="force" as this will cause extra authorized subtokens to be issued to your application / client and is designed to be used in scenarios where the user needs to be reauthorized after credentials have been lost server-side.

Second, you probably do not want to have the behavior where the user needs to click to sign in because they are already "signed in" to their Google account and it could be confusing to need to sign in (or trigger sign-in) again, separately, for your site.

If you really wanted to do this, you would perform an explicit render for the signin button but would not make the call to gapi.signin.render as documented in the Google+ sign-in documentation until you are aware that the user will not automatically get signed in.

The following code shows how to enable explicit render of the sign-in button:

<script type="text/javascript" src="https://apis.google.com/js/plusone.js">
{"parsetags": "explicit"}
</script>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<head>
<script type="text/javascript">
var token = "";
function onSigninCallbackVanilla(authResponse){
   // in a typical flow, you show disconnect here and hide the sign-in button
}

The following code shows you how to explicitly render the button:

  <span id="signinButton">
    <button id = "shim" onclick="gapi.signin.go(); $('#shim').hide();">Show the button</button>
    <span
      class="g-signin"
      data-callback="onSigninCallbackVanilla"
      data-clientid="YOUR_CLIENT_ID"
      data-cookiepolicy="single_host_origin"
      data-requestvisibleactions="http://schemas.google.com/AddActivity"
      data-scope="https://www.googleapis.com/auth/plus.login">

    </span>
  </span>  

How you're communicating that the user is signed out of your site is probably going to vary from site to site, but one approach could be to set a cookie indicating the "signed out" state for a user and then using this as the trigger for blocking explicit load. The behavior gets a little trickier when a user visits your site and has disabled cookies or uses a separate, signed-in, browser. To address this, you could do something complicated like querying the user state from your server over XHR on the sign-in callback and pretending not to know the user is signed in to Google+.

How do I stop google from automatically signing me into youtube , I have an account for my bookmarks, gmail etc, but I don't want this account automatically logged into YouTube. Surely there is a way to stop  Starting in Chrome Version 69, however, Google quietly introduced an “auto sign-in” feature that would automatically sign you into Chrome when you signed into a Google service such as Gmail. This was frustrating for many users, as some only prefer to use a local account in Chrome and use Google services separately.

Just check for g-auth-window in the callback function:

    function google_sign_callback(authResult){
        if(authResult['g-oauth-window']){

        }else if(authResult['error']) {

        }
    }

Stay signed in or out of your Google Account, These tips can help you stop non-Google accounts from automatically signing you in. Turn off saved passwords in Google Chrome, Mozilla Firefox, and Windows  When you sign in to your Google Account, you'll stay signed in until you sign out. If you're using a public computer or someone else's device: Browse in private. When you’re done, close all private

I had this issue and used auth2.disconnect()

function onSignIn(googleUser) {
    var profile = googleUser.getBasicProfile();
    var auth2 = gapi.auth2.getAuthInstance();
    auth2.disconnect();

    //do other stuff
}

Edit: you need to store the token before you disconnect because in some cases id_token will become null after disconnect:

function onSignIn(googleUser) {
    var profile = googleUser.getBasicProfile();
    var idToken=profile.id_token;
    googleUser.disconnect()

    //use idToken for server side verification
}

If i'm correct you have your own sign in mechanism for your site and just need google sign in to sign up a user on verified email. in this case you can easily disconnect after you get the profile info. Next time you load the page you will see "sign in" button instead of "signed in " button.

How do I prevent google oauth from auto signing in?, My problem is that if the user is already signed in, google will automatically call the onSignIn function causing the form to be submitted when the  Add a Google Sign-In button. The easiest way to add a Google Sign-In button to your site is to use an automatically rendered sign-in button. With only a few lines of code, you can add a button that automatically configures itself to have the appropriate text, logo, and colors for the sign-in state of the user and the scopes you request.

Unfortunately calling gapi.auth.signOut() made the app to log-in again when I'm requesting user data (neither it is persistent)

So the solution, as suggested by @class is to revoke the token:

  $.ajax({
    type: 'GET',
    url: 'https://accounts.google.com/o/oauth2/revoke?token=' +
        gapi.auth.getToken().access_token,
    async: false,
    contentType: 'application/json',
    dataType: 'jsonp',
    success: function(result) {
      console.log('revoke response: ' + result);
      $('#authOps').hide();
      $('#profile').empty();
      $('#visiblePeople').empty();
      $('#authResult').empty();
      $('#gConnect').show();
    },
    error: function(e) {
      console.log(e);
    }
  });

How to Stop Gmail From Signing On, You can prevent Gmail from automatically signing on at your small business However, deselecting all automatic sign-in options via your Google account page​  How to Stop Automatic Sign in in Google Chrome Browser. With Chrome 69, Google began automatically signing you into the Chrome browser whenever you signed into a Google website like Gmail.

I too has same issue this how i fixed it.I may not sure this is a stander way to do it but still it works fine with me...

add this Google JS from google developer

<script src="https://apis.google.com/js/platform.js" async defer></script>
<script>

function onSuccessG(googleUser) {
        var profile = googleUser.getBasicProfile();
        console.log('ID: ' + profile.getId()); // Do not send to your backend! Use an ID token instead.
        console.log('Name: ' + profile.getName());
        console.log('Image URL: ' + profile.getImageUrl());
        console.log('Email: ' + profile.getEmail());
}
function onFailureG(error) {
    console.log(error);
}
function renderGmail() {

  gapi.signin2.render('my-signin2', {
    'scope': 'https://www.googleapis.com/auth/plus.login',
    'width': 0,
    'height': 0,
    'longtitle': true,
    'theme': 'dark',
    'onsuccess': onSuccessG,
    'onfailure': onFailureG
  });
}

Now add html link and onClick call this renderGmail() function.

<a href="javascript:void(0)" onclick="renderGmail();"> SignUp with Gmail</a>

I hope this works...

How to Stop Chrome From Automatically Signing You Into the Browser, With Chrome 69, Google began automatically signing you into the Chrome browser whenever you signed into a Google website like Gmail. To disable the sign-in link, click the drop-down box, and set it to “ disabled .” Once that’s done, all you need to do is restart Chrome. This will only take effect once Chrome is entirely

How to Turn Off Google Chrome Auto Sign-In, I actually want automatic sync and sign-in on starting Chrome. The option is enabled – but Duration: 2:15 Posted: Apr 15, 2020 We’ll stop supporting this browser soon. How to disabling automatic sign-in for Gmail in Google Chrome Browser - Duration: 2:49. Tips And Trick 1,604 views. 2:49.

How to Disable Chrome Automatic Sign-In to Google Services , How to Disable Chrome Automatic Google Sign-In. Open Chrome and update to a newer version if you have not done so already; Enter in the  On the sign in page, select Sign in with Google , Log in with Google, or Join with Google. You should only grant permission if you trust the site or app. The app may also automatically sign you in the next time you use it. Remove a site or app with access to your account. Open your Google Account. You might need to sign in. Choose Security.

Google to allow Chrome users to disable controversial login feature , Google is walking back some controversial Chrome changes. Users will be able to disable the automatic Chrome sign in with an update  Tech support scams are an industry-wide issue where scammers trick you into paying for unnecessary technical support services. You can help protect yourself from scammers by verifying that the contact is a Microsoft Agent or Microsoft Employee and that the phone number is an official Microsoft global customer service number.

Comments
  • STILL A PROBLEM TODAY! I can't stand that the big guys can't work together and realize this use-case is important.
  • Can it by anyway change the button's format, look into my question: stackoverflow.com/questions/21984213/…
  • window.onbeforeunload not working on chrome why so? did you faced the same problem
  • Use this if you're using google's new sign in api: gapi.auth2.getAuthInstance().signOut()
  • Be aware that the gapi.auth2.getAuthInstance().signOut() call is asynchronous, so you probably want to wrap it in an async function or a promise. If you have follow-up actions to perform that are dependent on it being complete, it gives you some predictability in the sequence. I had an issue with a redirect that I called after signOut(), but that would sometimes trigger before the latter was able to finish. As a result, once every few while the next visit to the login page would result in an automatic sign in.
  • I compared the responses but certainly missed 'g-oauth-window'. Thank you!
  • Another way is to check authResult.status.method. It will be set to PROMPT if the user initiated the request (as opposed to AUTO).
  • Any idea about the newer API? The closest I see in the current sign-in API is getAuthResult() which gives me an object containing tokens and also session_state: { extraQueryParams: { authuser: '0' } }
  • This was super helpful! I ended up using googleUser.disconnect() instead. The documentation says slightly different things for the two methods, but I'm not sure that they do different things.
  • Thanks neal just tested googleUser.disconnect() and did the same