Google Login

Sign in on the web or in web-based apps using an OAuth flow initiated by Openfort Auth using Google Identity Authorization with OAuth 2.0 for Web Server Applications.

Configuration #

To use the OAuth 2.0 flow, you will require the following information:

1. Obtain OAuth credentials for your Google Cloud project in the Credentials page of the console. When creating a new credential, choose Web application. In Authorized redirect URIs enter https://openfort.xyz/iam/v1/oauth//google.
2. Configure the OAuth Consent Screen. This information is shown to the user when giving consent to your app. Configure the non-sensitive scopes by making sure the following ones are selected:

• .../auth/userinfo.email,
• .../auth/userinfo.profile,
• openid. If you're selecting other sensitive scopes, your app may require additional verification.

3. Finally, add the client ID and secret from step 1 in the Google provider on the Openfort Dashboard.

Signing users in#

Sign in with Google's OAuth flow is designed for web or browser based sign in methods. It can be used in web-based apps as well as in websites, though sometimes it is worthwhile considering using One Tap login directly.

Behind the scenes, Openfort Auth uses the Google OAuth 2.0 APIs, which are OpenID Connect certified, to perform the authentication.

To initiate sign in, you can use the initOAuth() method from the Openfort JavaScript library.

• Implicit flow: that's all you need to do. The user will be taken to Google's consent screen, and finally redirected to your app with an access and refresh token pair representing their session.
• Pooling flow: for example in Server-Side Auth, you need to redirect the user back to your website.