I created a website for an organization where users can log in with there gsuite accounts from google, let say, user john logged in using [email protected], and do his todos.now imagine user john left an organization and another new user called john, get the new google account called [email protected], when new john gets logged in using google how to check weather its a new gmail or old?
If you are using OpenID Connect, which you should if you need the Authentication of the user and this type of detail, then the combination of the "iss" and the "sub" claim within the access_token are guaranteed to be unique.