In May 2016, we released the newest version of Google Identity Toolkit as Firebase Authentication, and in April 2019, we released Google Cloud's Identity Platform. These products include upgraded client SDKs, open source UI libraries, session management and integrated email sending service for forgotten password flows.

On June 30, 2020, the SDKs documented on this page and the API setting page will stop functioning. (The and endpoints, used by Identity Platform and Firebase Authentication, will continue to function.)

To migrate an existing project from Identity Toolkit, see the Identity Platform migration guide or Firebase Authentication migration guide.

Quick-start app for iOS

This quick-start lets you get started with Google Identity Toolkit on iOS in about 30 minutes.

Before beginning you will need the following:

  • Xcode configured for iOS development

Step 1: Get the quick-start app

  1. Download the quick-start Xcode project
  2. Unzip the folder to a new directory (or clone the GitHub repo). The Google Identity Toolkit iOS SDK and the Google+ SDK have already been added to the project.
  3. Find the GitkitDemo.xcodeproj in the GitkitDemo folder. Double-click this file to open the project in Xcode.

Step 2: Configure the Google Identity Toolkit API

This quickstart guide will set up a mobile client that will allow username/password, Google, and (optionally) Facebook login.

Identity Toolkit requires web server components to be configured for features such as 'forgot password'. In this quick-start, for simplicity, we will set up a mobile client without a supporting web server. If you have previously set up a web server (e.g. using one of the other quick-starts) you can skip this section and use the configuration you created in that quick-start. Otherwise, follow these steps and you can set up your Identity Toolkit web server later.

  1. Go to the Google API Console API Library.
  2. From the project drop-down, select an existing project, or create a new one. The API Console groups your information by “project” which bundles associated websites, Android apps, and iOS apps. For the Identity Toolkit API, any websites or apps in the same project will share the same user database.
  3. Enable the Identity Toolkit API service:
    1. In the list of Google APIs, search for the Identity Toolkit API service.
    2. Select Identity Toolkit API from the results list.
    3. Select Enable API.
    When the process completes, Identity Toolkit API appears in the list of enabled APIs. To view the list, select APIs & Services on the left sidebar menu, then select the Enabled APIs tab.
  4. Next, you need to set up the screen Google will show the user when you request the user's email address. In the left-side menu under "APIs & Services", select Credentials, then select the OAuth consent screen tab.
    1. Choose an Email Address, enter your website/app's name as the Product Name, and select Save.
    Once saved, you end up on the Credentials tab.
  5. Next, set up your OAuth2 client ID for registering as an app that accepts Google for sign-in.
    1. In the Credentials tab, select the Create credentials drop-down, then select OAuth client ID.
    2. Under Application type, select Web application, even though you are first creating a mobile app. Set Authorized JavaScript Origins to be https://localhost and Authorized Redirect URIs to be https://localhost/callback. These are placeholder URLs which you can update to point to your Identity Toolkit web server when you set it up.
    3. Now, create a Client ID that will be used with your mobile application:
      1. Select the Create credentials drop-down, then select OAuth client ID.
      2. Under Application type, select iOS and be sure to specify your Bundle ID. The Bundle ID, or Bundle Identifier can be found in XCode
  6. Next, create an API key so that your app can access Google APIs.
    1. Select the Create credentials drop-down, then select API key.
    2. From the "Create a new key" pop-up, select iOS key, and optionally set your app as the allowed referrer.
    3. Select Create.
  7. You're almost there! You just need to decide which sign-in options to support.
    1. On the left-side menu, return to the APIs list by selecting APIs & Services.
    2. Select the Enabled APIs tab.
    3. From the list of enabled APIs, find the Identity Toolkit API, then select the gear icon to the right of the name. This action opens your sign-in page configuration.
      • In the URL Configuration section of the Identity Toolkit configuration screen, you will need to insert some placeholder values since you aren't yet configuring a web server.
        • Widget URL
          From the drop-down, select a URL. This is the URL you entered earlier in the Client ID for Web application, under "Authorized Redirect URIs". For this quick-start app, set this to: /callback
        • Sign-in Success URL
          For this quick-start app, set this to: /
        • Sign-out URL
          For this quick-start app, set this to: /
        • Send Email URL
          For this quick-start app, set this to: /
    4. In the Providers section of the Identity Toolkit API configuration screen, choose which identity providers that you want to support. Without a supporting web server, only identity providers with native SDKs will work. For this quick-start we will configure Google and (optionally) Facebook login.
    5. (Optional) Configure Facebook login
      1. Go to the Facebook developer page register or log in, then select My Apps->Add a New App
      2. Choose the "Website" platform
      3. At the "Setup SDK" part of the quickstart, enter your Site URL. For this demo, that will be http://localhost:8000/callback. Click next. You do not need to use their code snippet.
      4. Once the app is set up:
        • Go to the Dashboard for your app and enter the Facebook App ID as the Client ID.
        • In the API Console Identity Toolkit API configuration page, enable Facebook as a provider and enter the Facebook App ID and App Secret.
    6. Make sure to save your settings!

    Step 3: Set up the quick-start app

    1. Configure the GITClient and GIDSignIn variables in GKDAppDelegate.m with your own values.

        GITClient *gitkitClient = [GITClient sharedInstance];
        gitkitClient.apiKey = GITKIT_API_KEY;
        gitkitClient.widgetURL = GITKIT_WIDGET_URL;
        gitkitClient.providers = @[ kGITProviderGoogle ];
        [GIDSignIn sharedInstance].clientID = GOOGLE_CLIENT_ID;

      About the configuration values

      • gitkitClient.apiKey is the Key for iOS applications in the Public API access section of the credentials page.
      • gitkitClient.widgetURL is your web server Identity Toolkit widget URL. If you don't yet have a web server, just use @"http://localhost?placeholder" as a placeholder.
      • gitkitClient.providers is a list of providers that should match what you configured in the Identity Toolkit page.
      • [GIDSignIn sharedInstance].clientID is the Client ID for iOS applications under the OAuth section of the credentials page.

    2. Configure the .plist

      • In your .plist file, find the array key called URL types
      • Ensure there is the URL identifier "google" with the URL scheme that matches your bundle ID.
      • Ensure there is the URL identifier "gitkit". Change the scheme such that the string following the last period is the first section of your Client ID for Web application under the OAuth section under credentials. For example, if your client ID is, the scheme should be com.googleusercontent.apps.83782575413-qvsq4c2o2mmcj9k6eqjd3e1p3m8eqk2v.

      Alternatively, you can use the project configuration page. Double click on you project file and edit the URL Types under the Info tab per the instructions above so that it looks like this:

    Step 3: Run the quick-start app

    • In Xcode, press the "Play" button to run the app.

    (Optional) Step 4: Configure Facebook Login

    1. Follow steps 1-4 of the Facebook getting started instructions.
    2. In step 4 of the Facebook getting started instructions, you added a URL scheme under URL types in your .plist file. Under this same item, also add the identifier and set it to "facebook".
    3. Copy your Facebook App ID and your Facebook App Secret into the Client ID and Secret Key fields, respectively, in the Identity Toolkit configuration page in the Google API Console. Click "Save" when you're done.
    4. Enable the Facebook sign in by modifying your GKDAppDelegate.m file such that the assignment to gitkitClient.providers now looks like

        gitkitClient.providers = @[ kGITProviderGoogle, kGITProviderYahoo, kGITProviderFacebook ];
    5. Relaunch your app.


    • If you get Error: redirect_uri_mismatch, it is possible that you did not configure the correct Bundle ID in the iOS client ID. To view the Bundle ID configuration, go to the API Console Credentials page, and from the OAuth 2.0 client IDs section, select the iOS client ID. The error may also occur if your [GIDSignIn sharedInstance].clientID is set to the wrong client ID (it should be the one from the iOS client ID).
    • If you get "Error: invalid_client", check that the value you set for [GIDSignIn sharedInstance].clientID is correct as per the above instructions.

    Next steps

    1. Configure a web server for your iOS app, try an Identity Toolkit quick-start for Java, PHP, or Python.
    2. View API reference
    3. Subscribe to announcement mailing list to get the latest update.
    4. Get community support. Join our community and participate in our discussion group.