Choosing an Auth Mechanism

Authentication and authorization for Google APIs allow third-party applications to get limited access to a user's Google account for certain types of activities. This document explains the available auth mechanisms and describes what each one provides for your application.

  • Google+ Sign-In provides a simple way to let people use their Google credentials to sign in to your site. It includes a set of tools that are easy to integrate across different devices.
  • OAuth 2.0 is an authorization protocol for all Google APIs. OAuth 2.0 relies on SSL for security instead of requiring your application to do cryptographic signing directly. This protocol allows your application to request access to data associated with a user's Google Account.
  • Login with OAuth 2.0 (OpenID Connect) authenticates users by having them log in with their Google accounts. This is a replacement for OpenID, and users of OpenID should plan to migrate to Login with OAuth 2.0.

Authentication for Google Apps Marketplace

Google's OpenID service is deprecated and being replaced by Login with OAuth 2.0. Applications built for the Google Apps Marketplace should use OAuth 2.0 login.

For details on implementing OpenID-based SSO, see OpenID Federated Login Service for Google Apps. For details on two-legged OAuth, see OAuth for Google Apps domains. You should also read the Marketplace best practices for SSO.