Sign in

Google Classroom add-ons must use Google single sign-on (SSO) to identify and authenticate users.

See Google Identity's OpenID Connect Guide for more information on SSO. We also recommend referencing Google's official documentation on user sign-up and sign-in for automatic sign in and Sign-In Branding Guidelines.

See the frictionless sign-in page for implementation guidance for Google SSO in Classroom add-ons. The frictionless sign-in guide also refers to the test plan that can be used to ensure your add-on is following sign-in best practices.

Sign in flow

To reduce sign-in friction for users, Google Classroom provides the login_hint query parameter when an iframe is opened. login_hint is a user's unique Google ID, and is provided after the user has signed into your add-on for the first time. This parameter provides context on the user that's signed into Google Classroom. See our sign-in parameters guide page for a more detailed discussion of these query parameters.

You must display a Google sign-in dialog if the login_hint query parameter of the current Google Classroom user doesn't match any signed-in user of the add-on. The button must adhere to Google's branding guidelines. If the user is already signed in, they shouldn't be prompted to sign-in again.

initial SSO flow Figure 1. Sign in flow when a user initially launches your add-on.

Individual installations add the add-on to the user's own account. Users are prompted to consent to the add-on's access scopes when the add-on is installed individually.

Administrator installations add the add-on to any or all accounts in the domain, and can only be performed by a domain administrator. The administrator can optionally consent to all access scopes on behalf of all users in the domain; users are not prompted to consent to any access scopes if the administrator chooses to do so.

See Installation settings for more information.