I'm trying to work out how to logout a user which is using an application behind Google IAP
The end goal is to be able to bounce the user right back to the initial process they completed the first time they visited the site (i.e. they cannot access my application until they sign in again)
I've looked at the documentation and all I can see is the "Clearing user login" section of https://cloud.google.com/iap/docs/special-urls-howto
However, when the user is redirected to /_gcp_iap/clear_login_cookie this sets the GCP_IAAP_AUTH_TOKEN cookie to none and then redirects the user to the root of my application. The request to / then in turn redirects the user to https://accounts.google.com/o/oauth2/v2/auth (inc. many get params), which then in turn redirects the user to /_gcp_gatekeeper/authenticate, which then sets the GCP_IAAP_AUTH_TOKEN cookie again and finally delivers the user back to my application (now logged back in as if nothing happened)
Could the issue here be that the user is still logged into other google account applications? (e.g. google cloud console, gmail etc)
I wondered if I could perhaps send the GCP_IAAP_AUTH_TOKEN cookie value to https://accounts.google.com/o/oauth2/revoke?token=token, however this appears to be stripped by the IAP load balancer
Any and all assistance appreciated on this one.
