Performing Google Federated Login/oAuth2 after initial Authentication

Question

I am trying to support \"Hybrid\" Federated Login and oAuth2 (using logic from this document) for a webservice which will:

1. support Sign in using your G

Answer 1

When the user is redirected back, you call the second request from your own (server-side?) code, and get their email address. When you successfully get it, that means that the user is logged on. You can add it to the session (e.g. as cookie), and as long as you have it, the user is logged on. You make the user log out by forgetting the email address, so by clearing the session/cookies.