Account Linking with OAuth 2.0

Supported OAuth 2.0 flows

To integrate your service with Google, you must at a minimum support the OAuth 2.0 implicit flow. For improved security, you can support the OAuth 2.0 authorization code flow.

| OAuth 2.0 flow | Advantages | Disadvantages |
|---|---|---|
| Implicit flow | Simplest to implement | Access tokens visible to browser; Origin of access tokens can't be determined; Access tokens cannot expire (by Google policy) |
| Authorization code flow | Most secure; Access tokens and refresh tokens can be created only if a shared secret is known; Can be enhanced with new security and UX features when they become available | Must implement multiple auth endpoints |
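
The property that tokens "can be created only if a shared secret is known" is enforced at the token exchange endpoint of the authorization code flow. The sketch below is an added example, not code from this page or from Google; the client ID, secret, lifetimes, in-memory stores and function names are all assumptions, while the form parameters and error codes follow RFC 6749.

```python
import hmac
import secrets
import time

# Constructed sample values; a real service loads these from its own stores.
CLIENT_ID = "google-client"                  # hypothetical client ID
CLIENT_SECRET = "constructed-shared-secret"  # hypothetical shared secret
CODE_TTL = 600      # seconds an authorization code stays valid (assumed)
ACCESS_TTL = 3600   # seconds an access token stays valid (assumed)

codes = {}           # authorization code -> (user_id, expiry)
refresh_tokens = {}  # refresh token -> user_id

def _same(a, b):
    """Constant-time string comparison, so timing does not leak the secret."""
    return hmac.compare_digest(a.encode(), b.encode())

def issue_code(user_id, now=None):
    """Authorization endpoint: after user consent, mint a short-lived code."""
    now = time.time() if now is None else now
    code = secrets.token_urlsafe(32)
    codes[code] = (user_id, now + CODE_TTL)
    return code

def token_endpoint(form, now=None):
    """Token exchange endpoint: returns (http_status, json_body)."""
    now = time.time() if now is None else now
    # The caller must prove knowledge of the shared secret before anything else.
    if not (_same(form.get("client_id", ""), CLIENT_ID)
            and _same(form.get("client_secret", ""), CLIENT_SECRET)):
        return 401, {"error": "invalid_client"}
    grant = form.get("grant_type")
    # A real service would also record each access token it issues.
    access = {"token_type": "Bearer", "expires_in": ACCESS_TTL,
              "access_token": secrets.token_urlsafe(32)}
    if grant == "authorization_code":
        # pop() makes the code single-use, so a replayed code is rejected.
        user_id, expiry = codes.pop(form.get("code", ""), (None, 0))
        if user_id is None or now > expiry:
            return 400, {"error": "invalid_grant"}
        refresh = secrets.token_urlsafe(32)
        refresh_tokens[refresh] = user_id
        return 200, dict(access, refresh_token=refresh)
    if grant == "refresh_token":
        if form.get("refresh_token", "") not in refresh_tokens:
            return 400, {"error": "invalid_grant"}
        return 200, access
    return 400, {"error": "unsupported_grant_type"}
```

In the implicit flow there is no such exchange step: the access token is returned through the browser, which is why its origin cannot be tied to a client secret.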