I got some question about the OAuth2.0 process.
I would like to achieve something like Stack
Log with google account feature.
I'm using the PHP library from Google.
I'm ok retrieving the refresh token and the access token.
So far so good, my question is : when the user log out from my website and click the button again, how am I supposed to know who the user is to retrieve from DB the right refresh token ?
I thought about keeping the email in a cookie but StackOverflow doesn't seem to do that as I cleared my cookies but Stack keep connecting me as I click the button without showing back the "Application scope authorization" google page.
Am I missing something ? Is there an API allowing to get the user email without token ? Maybe RefreshToken should only be used with Mobile APP where you know the user?
What I want to achieve is relatively simple, the user click the sign-in, first time one has to approve the application. Once its done, I would like to automatically connect the user when the sign-in button is clicked.
Thanks for any information on that