By adding Google+ Sign-In, you bring the power of Google to your site. When a user is signed in, you get an OAuth token for making API requests on their behalf, which you can use to better understand your user, connect them with their friends, and create a richer and more engaging experience.
The first time a user clicks on the sign-in button, they will see an authorization dialog. This dialog outlines how the application will use their data. The user then can consent to the authorization or cancel. After authorizing, a returning user will not be prompted again for authorization. Additionally, if you have an Android app, you can prompt them to install your app during the web sign-in flow.
A user always has the option to revoke access to an application at any time.
Choosing a sign-in flow
You have multiple options for handling the sign-in flow:
Hybrid server-side flow
Use when your server needs to access Google APIs on behalf of the user such as when the user is offline. This approach requires passing a one-time authorization code from your client to your server that is used to acquire access and refresh tokens for your server. This flow is the recommended approach for getting server-side tokens.
Pure server-side flow
Use with the
https://www.googleapis.com/auth/plus.loginscope. This flow is not recommended: you will lose the ability to use over-the-air installs if you choose this flow.
Cross-platform single sign-on
When a user signs in with their Google account in a web browser or on an Android device, they can be seamlessly signed in across web browsers and Android devices using the same Google account. This feature allows users to get the best experience out of multiple devices by making it easier for them to sign in to your service.
When the button is loaded on the web, it immediately checks to see if the user has authorized the application. This check is called "immediate mode" and if successful, the Google servers return an access token and pass a new authorization result object to the callback. If the button cannot make an immediate-mode authorization, the user must click the sign-in button to trigger the access flow.
To enable cross-platform single sign-on:
- The Android and web app must be registered in the same Google Developers Console project.
- The requested scopes on each platform must match the scopes from other platforms.
Cross-platform single sign-on works for the user when the following requirements are met:
- The user is signed in to Google in the browser or on the Android device.
- The user has previously authorized your app for the same scopes and app activities.
This experience is similar to when a user opens an Android app the second time. If the user previously authorized the app, then the user remains signed in: users do not click the sign-in button every time they open the app.
When a user is seamlessly signed in, Google displays a reminder that they are logged in using their Google account. This reminder only appears once per device.
- What data is sent to Google when you click the sign-in button?
- When a user signs into your app with Google+, Google will receive information including information about the user's Google profile, the user's IP address, and other browser or client related information. Google may also receive details of the user's activities in your app if the app uses the moments API methods.