Using google external login with IdentityServer for multiple google accounts


We are using Duende IdentityServer to authenticate users. Several people trying to log in have multiple Google accounts that they would like to use when logging into our server. Usually the use case is that the person has a personal gmail account and company email address that uses Google Workspace to provide the email address. We also have people that have multiple business accounts with google that need to log into our system with different accounts in order to maintain separation between their user information for the two companies.

We set up IdentityServer using the isaspid template and filled out the Google clientID and clientSecret to allow for Google-based SSO logins. However, when we sign out and attempt to sign back in, clicking the "Google" external IDP option shows that the user is still connected with the same Google account, and the Google user claims immediately show up. There is no opportunity to provide a different Google username/password login, and there is no way to choose between different Google accounts.

For signout from the sample Razor application built as one of the quickstarts, we are calling Signout("Cookies", "oidc"), but that gave us the immediate login without really signing out from Google.

Next we tried using some code from the Documentation page about signout with external providers, which looks like this:

// "idp" is the claim IdentityServer adds for the external provider used to sign in ("local" for local accounts).
var idp = User.FindFirst("idp")?.Value;   // null-safe: the claim is absent when no user is signed in
if (idp != null && idp != "local")
{
    // Triggers the external scheme's sign-out handler; throws if that scheme does not implement sign-out.
    return SignOut(idp);
}

The value for the "idp" claim is "google". When this code ran, it threw an error saying that there was no support for signout from the "google" idp.

What do we need to do so that when we sign out of our application we are offered the choice to either redirect over to the OIDC page to enter username/password for a different google account, or somehow see a list of the google accounts we are logged in with and allow us to choose a different google account from a list? I would imagine there is something we need to do at logout time, but is there also something we need to do at log in time?

Also, when we created the clientId and clientSecret for doing google authentications, we set that up on the google page for one specific google workspace. Is there something we need to do when setting up the OAuth connection to Google that allows us to use any one of multiple google accounts?

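Added example, not code from the question, the isaspid template or Duende (the question has no answers on this page). Two facts drive it: Google's OAuth/OIDC provider publishes no end_session_endpoint, so the ASP.NET Core Google handler is not an IAuthenticationSignOutHandler and SignOut("google") throws exactly as described; the lever you do have is the authorization request, where Google honours prompt=select_account (show the account chooser) and prompt=login (force re-authentication). So the account choice is made at login time, and the logout page should only call SignOut for schemes that support it (Duende's HttpContext.GetSchemeSupportsSignOutAsync extension checks this). The scheme name "google", the page names and the "returnUrl"/"scheme" item keys are assumptions modelled on the template's layout.

```csharp
// Added example for a Duende IdentityServer (isaspid-style) host. Not the template's own code.
// Assumes the Google scheme was registered as "google" (the value seen in the "idp" claim).
using System;
using System.Threading.Tasks;
using Duende.IdentityServer;
using Duende.IdentityServer.Extensions;   // GetSchemeSupportsSignOutAsync
using Duende.IdentityServer.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Google;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;

// Pages/ExternalLogin/Challenge.cshtml.cs (hypothetical path): start the external login.
public class ChallengeModel : PageModel
{
    private readonly IIdentityServerInteractionService _interaction;
    public ChallengeModel(IIdentityServerInteractionService interaction) => _interaction = interaction;

    public IActionResult OnGet(string scheme, string? returnUrl)
    {
        if (string.IsNullOrEmpty(returnUrl)) returnUrl = "~/";
        // Open-redirect guard: only local URLs or URLs IdentityServer issued are accepted.
        if (!Url.IsLocalUrl(returnUrl) && !_interaction.IsValidReturnUrl(returnUrl))
            throw new ArgumentException("invalid return URL");

        AuthenticationProperties props;
        if (string.Equals(scheme, "google", StringComparison.OrdinalIgnoreCase))
        {
            // Google cannot be signed out by the RP, so "forget the account" must happen at sign-in:
            // prompt=select_account makes Google show its account chooser even when the browser already
            // holds a Google session (personal + Workspace accounts appear side by side, plus "add account").
            // Prompt = "login" instead forces a fresh username/password entry every time.
            props = new GoogleChallengeProperties
            {
                RedirectUri = Url.Page("/externallogin/callback"),
                Prompt = "select_account",
            };
        }
        else
        {
            props = new AuthenticationProperties { RedirectUri = Url.Page("/externallogin/callback") };
        }
        props.Items["returnUrl"] = returnUrl;
        props.Items["scheme"] = scheme;

        return Challenge(props, scheme);
    }
}

// Pages/Account/Logout/Index.cshtml.cs (hypothetical path): sign out locally, then only hand off
// to the external provider when its handler actually implements sign-out.
public class LogoutModel : PageModel
{
    public async Task<IActionResult> OnPost(string? logoutId)
    {
        // Read the claim before the local session is gone.
        var idp = User.FindFirst("idp")?.Value;

        // Clears the IdentityServer session cookie regardless of provider.
        await HttpContext.SignOutAsync();

        if (idp != null && idp != IdentityServerConstants.LocalIdentityProvider)
        {
            // False for Google (no end_session_endpoint); true for OIDC providers that support
            // RP-initiated logout. Calling SignOut on an unsupported scheme is what threw the error.
            if (await HttpContext.GetSchemeSupportsSignOutAsync(idp))
            {
                var afterLogout = Url.Page("/account/logout/loggedout", new { logoutId });
                return SignOut(new AuthenticationProperties { RedirectUri = afterLogout }, idp);
            }
        }

        return RedirectToPage("/Account/Logout/LoggedOut", new { logoutId });
    }
}
```

Two caveats. First, prompt=select_account does not end the user's Google session; it only forces the chooser, so separation between two companies' accounts rests on the user picking the right one. If you need to enforce which organisation an account belongs to, Google's ID token carries an hd claim (the Workspace domain) that you can check in the callback. Second, on the multi-Workspace question: what limits which accounts can sign in is the OAuth consent screen's "User type" in the Google Cloud project, not the client ID itself. "Internal" admits only accounts from the Workspace organisation that owns the project; "External" admits any Google account, personal or from other Workspaces, subject to Google's app verification and test-user rules while the app is unpublished.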