Sign In With Google helps you to quickly and easily manage user authentication and sign-in to your website. Users sign into a Google Account, provide their consent, and securely share their profile information with your platform.
Customizable buttons and multiple flows are supported for user sign up and sign in.
Sign up refers to the steps to obtain a Google Account holder's consent to share their profile information with your platform. Typically, a new account is created on your site using this shared data, but this is not a requirement.
Sign In With Google demo
Click the button to sign-in to your Google Account.
Data from Sign In With Google is not used for ads or other non-security purposes.
Some of the reasons to add Sign In With Google to your site are:
- Add a visibly trusted and secure Sign In With Google button to an account creation or settings page.
- Pre-populate new accounts with consensually shared data from a Google Account profile.
- Sign in once to a Google Account without re-entering usernames or passwords on other sites.
- On return visits sign in automatically or with one click across an entire site.
- Use verified Google Accounts to protect comments, voting or forms from abuse, while allowing anonymity.
These features are supported by Sign In With Google:
- Sign up, to optionally create a new account auto-filled from a Google Account profile.
- Sign in, using an account chooser to select from multiple accounts.
- Sign in with One tap, if you've already signed in to your Google Account.
- Sign in Automatically, on return visits from using your computer, phone or even multiple browser tabs.
- Sign out, to disable automatic sign in across all your devices.
- Suspending your Google Account stops sign in to all sites using Sign In With Google.
- Deleting your Google or partner account affects one, but not the other.
- Use a third-party identity provider or sign up directly if you choose not to share your Google Account profile with a site.
Migrating to the Sign In With Google button
A personalized experience enables users to view a profile picture to identify or choose from multiple Google Accounts, thereby decreasing sign up and sign in friction.
With user trust and safety in mind we've improved privacy controls and increased visibility for any data that is shared.
A consistent look and feel across the Internet improves user trust versus inconsistent Google Sign-In branding.
For developers, we've redesigned our libraries to require less coding and effort on your part.
Additionally, these changes are intended to isolate and minimize risk as we rollout out new features and security changes such as disabling third-party cookies.
See our migration guide for more.
Separated Authentication and Authorization Moments
If your website need to call both authentication and authorization APIs, you need to call them separately at different moments. At the authentication moment, the One Tap and/or personalized button are displayed to allow users to sign in or sign up to your website. At a later time, when loading data from Google is required, you call the authorization API to ask for the consent and get access tokens for data access. This separation complies with our recommended incremental authorization best practice, in which the permissions are requested in context.
To enforce this separation, the authentication API can only return ID tokens which are used to sign in to your website, whereas the authorization API can only return code or access tokens which are used only for data access but not sign-in.
Thanks to this separation, users will have consistent authentication experiences across different websites, which may bring more user trust and usages, and eventually better user conversion rate on your website.
How it works
Google Account sign-in
For Sign In With Google to work, there should be an active Google session in the browser. One Tap and Automatic sign-in are triggered only when users have signed in to Google before loading your web pages. With the Sign In With Google button flow, users are prompted to sign-in to Google when the button is pressed, establishing an active Google session:
and then sign in to the Google Account:
Next, Google confirms the Google Account owner has given consent to share their profile with your app.
Consent and sign-in with One Tap
If they've not already done so, users visiting your site are prompted for consent to share their Google Account profile information with your app.
When One Tap is enabled users will be presented with the consent and sign-in dialog:
Consent and sign-in using the Sign In With Google button
If users have previously signed in to your app and granted consent, the personalized button will be displayed and clicking the button will directly sign users into your site.
Otherwise, an unpersonalized button is shown:
Pressing the Sign In With Google button triggers the consent and sign-in moment:
Automatic sign-in is only an option if a user has previously granted consent. If you enable Automatic sign-in, returning users are shown a popup dialog for a short period of time to enable them to cancel the sign-in process before the ID token is shared with your app. First time visitors, or users who have revoked their previous consent to share their profile with your app will instead be presented with the One Tap dialog.
User sign-in to your site
You'll manage per user session state for sign-in to your site.
User sign-in status to their Google Account and your app are independent of each other, except during the sign-in moment itself when you know that the user has successfully authenticated and is signed into their Google Account. Users may remain signed-in, sign-out, or switch to a different Google Account while maintaining an active, signed-in session on your website.
From here, you might:
- choose to simply allow the verified user to access pages on your site,
- use the profile information to check for duplicate accounts, associating the user with an existing account, or use the profile information to pre-populate and create a new account on your platform,
- allow other activities where a verified user account is necessary.
Users may globally disable One Tap and Automatic sign-in, or revoke consent to share their account profile by visiting myaccount.google.com at any time.