In May 2016, we released the newest version of Google Identity Toolkit as Firebase Authentication, and in April 2019, we released Google Cloud's Identity Platform. These products include upgraded client SDKs, open source UI libraries, session management and integrated email sending service for forgotten password flows.

On June 30, 2020, the SDKs documented on this page and the API setting page will stop functioning. (The and endpoints, used by Identity Platform and Firebase Authentication, will continue to function.)

To migrate an existing project from Identity Toolkit, see the Identity Platform migration guide or Firebase Authentication migration guide.

Quick-start App for Ruby

This quick-start lets you get started with Google Identity Toolkit on Ruby in about 30 minutes.

Before beginning you will need the following:

  • Ruby 1.8.7
  • Install Ruby Gem

    sudo apt-get install rubygems
  • Install Gem Bundler

    gem install bundler

Step 1: Configure the Google Identity Toolkit API

This quickstart guide will set up a basic website that will allow username/password, Google, Yahoo, and (optionally) Facebook login.

  1. Go to the Google API Console API Library.
  2. From the project drop-down, select an existing project, or create a new one. The API Console groups your information by “project” which bundles associated websites, Android apps, and iOS apps. For the Identity Toolkit API, any websites or apps in the same project will share the same user database.
  3. Enable the Identity Toolkit API service:
    1. In the list of Google APIs, search for the Identity Toolkit API service.
    2. Select Identity Toolkit API from the results list.
    3. Select Enable API.
    When the process completes, Identity Toolkit API appears in the list of enabled APIs. To view the list, select APIs & Services on the left sidebar menu, then select the Enabled APIs tab.
  4. Next, you need to set up the screen Google will show the user when you request the user's email address. In the left-side menu under "APIs & Services", select Credentials, then select the OAuth consent screen tab.
    1. Choose an Email Address, enter your website/app's name as the Product Name, and select Save.
    Once saved, you end up on the Credentials tab.
  5. Next, set up your OAuth2 client ID for registering as an app that accepts Google for sign-in.
    1. In the Credentials tab, select the Create credentials drop-down, then select OAuth client ID.
    2. Under Application type, select Web application. A web server is currently required to enable full functionality, even for mobile-only applications, because some identity providers do not have native SDKs.
    3. Enter a client ID Name, then enter the Restrictions as described below:
      • Authorized JavaScript Origins
        For this quick-start app, set this to: http://localhost:8000
        This is the URL of your site. For example, if your site is, enter that in the box. (Note that you may add multiple entries if your site can be accessed at multiple URLs.)
      • Authorized redirect URIs
        For this quick-start app, set this to: http://localhost:8000/gitkit
        When you send your users to authenticate with an identity provider like Google or Yahoo, the identity provider needs a page to return to when authentication is complete. Typically this is called an Authorized Redirect or a Callback. With Identity Toolkit this will also be where your sign-in page is displayed. You may use whichever URL you would like. (Usually is fine unless you prefer something else)
    4. Once you've completed these fields, select Create.
  6. Now, create a service account.
    1. Select the Create credentials drop-down again (you should still be on the Credentials tab), then select Service account key.
    2. From the Service account drop-down, select an existing service account or create a new one.
    3. For Key type, select the P12 key option, then select Create. The file automatically downloads to your computer.
    4. In the resulting pop-up window, make note of the private key's password, then select Close. Put the *.p12 file you just downloaded in a directory of your choosing. This directory must be private (you can't let anyone get access to this), but accessible to your web server code.
  7. Next, create a Browser API key so that your app can access Google APIs.
    1. Select the Create credentials drop-down, then select API key.
    2. From the "Create a new key" pop-up, select Browser key, and optionally set your site's URL as the allowed referrer.
    3. Select Create.
  8. You're almost there! You just need to decide which sign-in options to support.
    1. On the left-side menu, return to the APIs list by selecting APIs & Services.
    2. Select the Enabled APIs tab.
    3. From the list of enabled APIs, find the Identity Toolkit API, then select the gear icon to the right of the name. This action opens your sign-in page configuration.
      • In the URL Configuration section of the screen, declare your URLs:
        • Widget URL
          From the drop-down, select a URL. This is the URL you entered earlier in the Client ID for Web application, under "Authorized Redirect URIs". This is the URL where your sign in page will appear, and it is also the URL you need to register with identity providers as your "Redirect URI".
          For this quick-start app, set this to: /gitkit
        • Sign-in Success URL
          This is where users are sent after they successfully sign in. This URL will need to validate the Identity Toolkit API token and then begin an authenticated session however you see fit. Many web application frameworks will generate a session cookie for you.
          For this quick-start app, set this to: /
        • Sign-out URL
          If you choose to use the User Card Widget, when the user clicks the sign out button, they are redirected to this URL.
          For this quick-start app, set this to: /
        • Send Email URL
          Sometimes it may be necessary to contact the user to confirm a password reset or email change. Because of email source verification in use by many email providers, these emails must originate from your server in order to avoid being marked as spam or suspicious. Identity Toolkit API will send a POST request to this URL with the email address and the content of the message, and you will need to send the email.
          For this quick-start app, set this to: /sendemail
    4. In the Providers section, choose which identity providers you want to support. Some identity providers require registration. Select the provider name or down arrow to view provider options/requirements.
    5. (Optional) Configure Facebook login
      1. Go to the Facebook developer page, register or log in, then select My Apps->Add a New App.
      2. Choose the "Website" platform
      3. At the "Setup SDK" part of the quickstart, enter your Site URL. For this demo, that will be http://localhost:8000/gitkit. Click next. You do not need to use their code snippet.
      4. Once the app is set up:
        • Go to the Dashboard for your app and enter the Facebook App ID as the Client ID.
        • In the API Console Identity Toolkit API configuration page, enable Facebook as a provider and enter the Facebook App ID and App Secret.
    6. (Optional) Configure Twitter login
      1. Go to the Twitter Application Management page and create a new app.
      2. Under "Callback URL" you will have to write the URL to where you will be hosting Identity Toolkit. For this demo that will be
      3. Once the app is created:
        • From your app dashboard go to "Keys and Access Tokens" and copy the Consumer key and Consumer secret.
        • Then, in the API Console Identity Toolkit API configuration page, enable Twitter as a provider and paste in your Consumer Key and Secret.
    7. Make sure to save your settings!
    8. There are two code snippets at the bottom of the page. The first snippet helps make the JavaScript configuration easy for your website. The second snippet should be saved in your server side code directory as gitkit-server-config.json.
    9. The server side configuration file needs to be further configured before use. Open the file for editing and change serviceAccountPrivateKeyFile setting to be equal to the path of the *.p12 or *.json file you downloaded earlier. You should use the full path, beginning with / and ending with the full name of the *.p12 or *.json file.
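
A pre-flight check for the key file described in steps 6 and 9, added here as an example and not part of the quick-start's own code. It assumes POSIX file permissions and current Ruby; `key_file_problems`, `check_sample` and the `web_root` parameter are hypothetical names, and the sample key is a dummy file.

```ruby
require "json"
require "tmpdir"
require "fileutils"

# Lists problems with the key file named by serviceAccountPrivateKeyFile.
# web_root (hypothetical parameter) is the directory the server exposes over HTTP.
def key_file_problems(config_path, web_root)
  key = JSON.parse(File.read(config_path))["serviceAccountPrivateKeyFile"].to_s
  return ["serviceAccountPrivateKeyFile is not set"] if key.empty?
  return ["not a full path starting with /: #{key}"] unless key.start_with?("/")
  return ["no such file: #{key}"] unless File.file?(key)

  real = File.realpath(key) # resolve symlinks before comparing locations
  problems = []
  if real.start_with?(File.realpath(web_root) + "/")
    problems << "key file is inside the web root"
  end
  mode = File.stat(real).mode & 0o777
  if (mode & 0o077) != 0
    problems << format("mode %04o lets group or others access the key", mode)
  end
  if (File.stat(File.dirname(real)).mode & 0o002) != 0
    problems << "key directory is world-writable"
  end
  problems
end

# Constructed layout: writes a dummy key file and a config pointing at it,
# then returns the problems found. Nothing here is a real credential.
def check_sample(subdir, file_mode)
  Dir.mktmpdir do |root|
    web_root = File.join(root, "public")
    key_dir = File.join(root, subdir)
    FileUtils.mkdir_p([web_root, key_dir])
    File.chmod(0o700, key_dir)
    key = File.join(key_dir, "sample-key.p12")
    File.write(key, "dummy")
    File.chmod(file_mode, key)
    config = File.join(root, "gitkit-server-config.json")
    File.write(config, JSON.generate("serviceAccountPrivateKeyFile" => key))
    key_file_problems(config, web_root)
  end
end
```

An empty list means the path is absolute, outside the served directory, and readable only by the account that owns it.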

Step 2: Set up basic site

    1. Download Google Identity Toolkit Ruby quick-start and unzip it into a folder. We use ruby-quickstart. You can also find our source code on Github.

      mkdir ruby-quickstart
      cd ruby-quickstart
      bundle install --path=.
    2. Copy the server-side configuration file gitkit-server-config.json that you created at the end of Step 1 into this ruby-quickstart folder.

    3. Edit this gitkit-server-config.json file with the full path location of the *.p12 file that you downloaded earlier.

    4. In the templates directory, modify widget.html by changing the config variable as indicated in the comments. You will need to copy the client-side configuration from the Developer Console. An example is below. Also change 'JAVASCRIPT_ESCAPED_POST_BODY' to decodeURIComponent('<%= postBody %>').

      <!DOCTYPE html>
      <!-- Copy and paste here the client configuration from Developer Console into the config variable -->
      <script type="text/javascript" src="//"></script>
      <link type="text/css" rel="stylesheet" href="//" />
      <script type="text/javascript">
        var config =
          // Copy and paste Client configuration here
        ;
        // The HTTP POST body should be escaped by the server to prevent XSS
        window.google.identitytoolkit.start(
            '#gitkitWidgetDiv', // accepts any CSS selector
            config,
            decodeURIComponent('<%= postBody %>'));
      </script>
      <!-- End modification -->
      <!-- Include the sign in page widget with the matching 'gitkitWidgetDiv' id -->
      <div id="gitkitWidgetDiv"></div>
      <!-- End identity toolkit widget -->
    5. Compile and run the sample app

      bundle exec ruby quickstart-website.rb
    6. View your app on http://localhost:8000
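
Step 4 places the POST body inside a JavaScript string literal, and the template comment says the server must escape it to prevent XSS. The following added example (not the quick-start's own code) renders a constructed one-line stand-in for that script line with and without server-side percent-encoding; `render_raw`, `render_encoded`, `literal_intact?` and `browser_view` are hypothetical names and the POST body is constructed.

```ruby
require "erb"
require "uri"

# Constructed one-line stand-in for the script line in widget.html (step 4).
TEMPLATE = %q[var body = decodeURIComponent('<%= postBody %>');]

# Constructed POST body: an ordinary apostrophe plus a closing script tag.
SAMPLE_BODY = "email=o'brien@example.com&note=</script>"

# Weak: ERB's <%= %> inserts the value unchanged, so the body's own quote
# ends the JavaScript string literal early.
def render_raw(body)
  ERB.new(TEMPLATE).result_with_hash(postBody: body)
end

# Hardened: percent-encode on the server. Only A-Z a-z 0-9 _ . ~ - and %XX
# remain, none of which can close the literal or the script element.
def render_encoded(body)
  ERB.new(TEMPLATE).result_with_hash(postBody: ERB::Util.url_encode(body))
end

# True when the rendered line is still one call with one inert string literal.
def literal_intact?(rendered)
  rendered.match?(/\Avar body = decodeURIComponent\('[A-Za-z0-9_.~%-]*'\);\z/)
end

# What decodeURIComponent would receive and return: the first literal, decoded.
# (The encoded form has no raw "+", so Ruby's form decoder matches it here.)
def browser_view(rendered)
  literal = rendered[/decodeURIComponent\('([^']*)'/, 1]
  URI.decode_www_form_component(literal)
end
```

`ERB::Util.url_encode` is used instead of `CGI.escape` because the latter turns spaces into `+`, which `decodeURIComponent` does not turn back.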

Next steps