Third-party applications often require limited access to a user's Google Account for certain types of activity. To ensure that user data is not abused, all requests for access must be approved by the account holder. Access control has two components: authentication and authorization.

Authentication services allow users to sign in to your application using a Google Account.

Authorization services let users provide your application with access to the data they have stored in Google applications. Google takes privacy seriously, and any application that requires access to a user's data must be authorized by the user.

Authentication and authorization services are often referred to collectively as auth.

If you are planning to provide a “sign-in with Google” feature, we recommend using Google+ Sign-in, which provides the OAuth 2.0 authentication mechanism along with additional access to Google desktop and mobile features.

Direct access to an authentication service based on the standardized OpenID Connect mechanism is also available.

Authorization: Access users' data

The OAuth 2.0 open-standard protocol allows users to authorize access to their data after they have been authenticated. Google supports the OAuth 2.0 protocol with bearer tokens for web and installed applications.
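
The authorization step described above, as an added example that is not part of the original page or Google's code: it builds an OAuth 2.0 authorization-code request with an anti-CSRF `state` and a PKCE challenge, validates the redirect, and shows how the issued bearer token is presented. The endpoint URL, client ID, redirect URI and scopes are assumptions not taken from this page.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumption: Google's OAuth 2.0 authorization endpoint (not named on this page).
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"


def build_authorization_request(client_id, redirect_uri, scope):
    """Return (url, state, code_verifier) for an authorization-code request."""
    state = secrets.token_urlsafe(32)          # anti-CSRF value, stored in the user's session
    code_verifier = secrets.token_urlsafe(64)  # PKCE secret (RFC 7636), never sent in this request
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    code_challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return AUTH_ENDPOINT + "?" + urlencode(params), state, code_verifier


def handle_redirect(callback_url, expected_state):
    """Return the authorization code; raise if state mismatches or the user refused."""
    query = parse_qs(urlsplit(callback_url).query)
    returned_state = query.get("state", [""])[0]
    # Compare as bytes in constant time; a mismatch means the response is not ours.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not tied to this session")
    if "error" in query:
        raise PermissionError(query["error"][0])  # e.g. access_denied
    if "code" not in query:
        raise ValueError("redirect carries neither code nor error")
    return query["code"][0]


def bearer_header(access_token):
    """Header presenting the issued bearer token to an API (RFC 6750)."""
    return {"Authorization": "Bearer " + access_token}
```

A bearer token grants access to whoever holds it, so it should only travel over TLS and should be kept out of URLs and logs.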

The Authentication and Authorization APIs can be used with both regular Google accounts and Google Apps hosted accounts. Although the user experience varies slightly, the process of managing authorization and/or authentication programmatically is the same for both types of accounts.