Google user authentication options for sign-up and sign-in
This page enables you to rapidly test, compare, and contrast sign-in options
offered by Google; directly using requests to Google OAuth API endpoints or
indirectly through the use of JavaScript libraries.
Button images are available from Google's
branding guidelines
page.
Credential requests require a user to begin the sign-in flow
Requires a browser that supports the Federated Credential Management
API
User credentials are returned through an async browser API call
Response_type is currently an id_token
In this example, Google is configured as the Identity Provider (IdP).
The navigator.credentials.get and IdentityCredential.disconnect browser
APIs trigger sign-in and revoke the session between the RP and IdP
without a third-party JavaScript library.
Credential response
Working with sessions
Session state affects account chooser and sign-in behavior, user flows
differ when no sessions exist or existing session(s) are found.
To start from a known state with no user sessions:
- Close ALL existing Chrome Incognito windows, terminating any active Google sessions.
- Open a new Chrome Incognito window (Ctrl-Shift-N).
To establish a Google user session:
- Open news.google.com
- Click on 'Sign in' in the upper right hand banner to sign in to a Google Account, establishing a new session.
Selecting user accounts in advance
The sign-in options below allow user accounts to be filtered.
No user prompts are required when:
- Only one active Google account session exists
- login_hint is used when two or more active Google account sessions exist
- User has previously granted consent
Optional additional gestures:
1. Sign-in to a Google account is required when:
- no active Google account session exists
- Google requires reauthentication for security reasons or other factors
2. Account chooser gesture is required when:
- login_hint is not used when two or more active Google account sessions exist
- login_hint is used but a corresponding Google account does not exist
3. Consent is required:
- once for each Google account and application (client id) tuple,
- when site settings optionally call for it,
- when requested scopes do not fully match previously approved scopes