Google user authentication options for sign-up and sign-in

This page enables you to rapidly test, compare, and contrast sign-in options offered by Google; directly using requests to Google OAuth API endpoints or indirectly through the use of JavaScript libraries.
Button images are available from Google's branding guidelines page.

User sign-in with OAuth/OIDC API endpoints

Developer docs
Features
Configure response_type:

Sign in using a button

Sign in using a URL

sign-in link

You will be redirected to OIDC debugger for decoding of the ID token reponse.

User sign-in with the Google Identity Services (GIS) JavaScript library

Developer docs
Features

Personalized button using popup with JS callback

Callback response


    

User sign-in with the Google Sign-in JavaScript library (Deprecated)

Developer docs
Features

Sign in button showing session state


Sign out of session

Callback response


    

User sign-in with Google as an IdP using the browser's FedCM APIs

Developer docs
Features In this example, Google is configured as the Identity Provider (IdP).
The navigator.credentials.get and IdentityCredential.disconnect browser APIs trigger sign-in and revoke the session between the RP and IdP
without a third-party JavaScript library.



Credential response


    

Working with sessions

Session state affects account chooser and sign-in behavior, user flows differ when no sessions exist or existing session(s) are found.
   
To start from a known state with no user sessions:
      - Close ALL existing Chrome Incognito windows, terminating any active Google sessions.
      - Open a new Chrome Incognito window (Ctrl-Shift-N).

To establish a Google user session:
      - Open news.google.com
      - Click on 'Sign in' in the upper right hand banner to sign in to a Google Account, establishing a new session.
      

Selecting user accounts in advance

The sign-in options below allow user accounts to be filtered.

Using login_hint to suggest a Google account may skip the account chooser (may be the email address configured for: 1) a Google Account or 2) a Workspace Account)


Providing a hosted domain value filters the account chooser, displaying only matching accounts. For example, "*" limits sign-in to the Workspace primpary domain, while "ink-42.com" does so for the named Workspace domain
No user prompts are required when:
  - Only one active Google account session exists
  - login_hint is used when two or more active Google account sessions exist
  - User has previously granted consent
  
Optional additional gestures:
    1. Sign-in to a Google account is required when:
      - no active Google account session exists
      - Google requires reauthentication for security reasons or other factors
    2. Account chooser gesture is required when:
      - login_hint is not used when two or more active Google account sessions exist
      - login_hint is used but a corresponding Google account does not exist
    3. Consent is required:
      - once for each Google account and application (client id) tuple,
      - when site settings optionally call for it,
      - when requested scopes do not fully match previously approved scopes