Listed below are the main features of Sign in with Google. You can use the code generator to easily generate code to embed One Tap, Automatic sign-in and the Sign in with Google button into your web pages.
When users visit your website, if there is an active Google session in the browser, Sign in with Google may prompt users to sign in or sign up on your website with their Google account. With just one tap (for a single Google session case) or two taps (when there are multiple Google sessions), users can finish the federated sign-in or sign-up flow. The One Tap UX allows for smooth user entry points, since all the UX flows are performed in an iframe embedded in your web pages.
Users may choose to globally opt-out One Tap. In this case the Google account won't be displayed in One Tap. If all active Google accounts are opted out, One Tap UI won't display.
You are recommended to put One Tap on both your main login dialog and leaf pages. Developers prefer One Tap for many reasons:
- increased user conversion rates. Learn more about how some of our partners have successfully used One Tap to improve their sign up/sign in experience in our case studies.
- allows sign in and sign up without redirecting users to a dedicated sign in / up page.
- allows users to sign in and sign up in the context of your website without having to navigate away from their current journey.
- mitigate duplicate accounts with personalized prompts and automatic sign-in on return visits.
With One Tap, you can also enable the cancelable automatic sign-in, which enables a streamlined UX for returning users. No user gesture is needed for returning users to automatically sign in to your website. Automatic sign-in will be triggered when there is only one active Google account has previously granted consent to share their account profile with your app.
Users have the ability to cancel the auto sign-in process during a 5 second window before it completes, ensuring user control and transparency. If users do cancel automatic sign-in, Sign in with Google will remember that decision for one day before it enables automatic sign in again. The cancelable feature allows users to have more control on the automatic sign in process.
Sign in with Google for Web doesn't support silent sign in, in which case a credential may be returned without any UI displayed. End users will always see some UI, manual or automatic sign in, when a login credential is returned from Google to the relying party. This improves user privacy and control.
Whether to enable automatic sign-in is a decision you need to make based on the UX of your own website.
Sign in with Google button
In contrast to One Tap, the Sign in with Google button flow must be triggered by a user gesture. To that end, Sign in with Google only provides the API to render a button, but not the API to programmatically initiate the button flow. As a developer, all you need to do is render the Sign in with Google button on your web pages. When to trigger the button UX flow is handled by the library transparently.
User profile information may also be used to render the button. A personalized button displays only when there is at least one active Google session that has authenticated a user on your website before. A personalized button reminds end users that they have used Sign in with Google before, and thus helps to prevent unnecessary duplicate account creation on your website. This is especially helpful to end users who visit your website only occasionally. They may forget the login methods they used.
The Sign in with Google button flow supports pop-up and redirect UX modes.
- In the pop-up UX, once the Sign in with Google button is clicked, a new pop-up window will be opened on top of your web page. The button UX flow will be rendered in the pop-up window.
- In the redirect UX, a full page redirect happens after the Sign in with Google button is clicked. The button UX flow will be rendered in the same window. However users cannot see your web page any more when the button UX displays.
Revoking user consent
User consent to share an ID token can be revoked. Sign in with Google provides an API to programmatically revoke user consent.
method in the Google Identity Services authorization API, you don't need an
access token to revoke the user consent. However, you do need to provide the
email address or Google user id of the target Google session, and there
should be an active Google session for that account in the browser.
The revocation API will revoke the ID token sharing and any other authorization scopes if granted previously. This is always the case no matter which revocation API you use.