Warning: This data is provided under the Google User Data Policy. Please review and comply with the policy. Failure to do so may result in project suspension or account suspension.

Get your Google API client ID

To use Google's streamlined sign-in and sign-up flows, you first need to set up your Google API client ID.

  1. Open the "Credentials" page of the Google APIs console.
  2. Create or select a Google APIs project. If you already have a Google Sign-In button, use the existing project and the web client ID.

    If your project doesn't have a Web application-type client ID, click Create credentials > OAuth client ID to create one. Be sure to include your site's domain in the Authorized JavaScript origins box. Please note that Google One Tap can only be displayed in HTTPS domains. When you perform local tests or developement, you must add both http://localhost and http://localhost:<port_number> to the Authorized JavaScript origins box.

Both Google Sign-in and One Tap authentication include a consent screen which tells users the application requesting access to their data, what kind of data they are asked for and the terms that apply.

  1. Open the OAuth consent screen page of the Google APIs console.
  2. If prompted, select the project you just created.
  3. On the "OAuth consent screen" page, fill out the form and click the “Save” button.

    Application name: The name of the application asking for consent. The name should accurately reflect your application and be consistent with the application name users see elsewhere. The application name will be shown on the One-tap dialog window.

    Application logo: An image on the consent screen that will help users recognize your app. The logo is shown on Google Sign-In consent screen and on account settings, whereas it’s not shown on One Tap dialog.

    Support email: Shown on the consent screen for user support and to G Suite administrators evaluating access to your application for their users. This email address will be shown to users on the Google Sign-In consent screen when the user clicks the application name.

    Scopes for Google APIs: Scopes allow your application to access your user's private Google data. For the authentication, default scope (email, profile, openid) is sufficient, you don’t need to add any sensitive scopes. It is generally a best practice to request scopes incrementally, at the time access is required, rather than up front. Learn more.

    Authorized domains: To protect you and your users, Google only allows applications that authenticate using OAuth to use Authorized Domains. Your applications' links must be hosted on Authorized Domains. Learn more.

    Application Homepage link: Shown on Google Sign-In consent screen and One-Tap GDPR complaint disclaimer information under the “Continue as” button. Must be hosted on an Authorized Domain.

    Application Privacy Policy link: Shown on Google Sign-In consent screen and One-Tap GDPR complaint disclaimer information under the “Continue as” button. Must be hosted on an Authorized Domain.

    Application Terms of Service link (Optional): Shown on Google Sign-In consent screen and One-Tap GDPR complaint disclaimer information under the “Continue as” button. Must be hosted on an Authorized Domain.

    Figure 1. OAuth Consent Screen fields shown on One Tap UI

  4. Check "Verification Status", if your application needs verification then click the "Submit For Verification" button to submit your application for verification. Refer to OAuth verification requirements for details.