Best way to allow users access to your app using their Google credentials

Question

If you have an Android application that requires user registration and you would like to allow your users to login via Google, how would you handle this ?

I wou

Answer 1

What you need is this http://android-developers.blogspot.com/2013/01/verifying-back-end-calls-from-android.html

i.e. get an ID Token and use it to sign-in to the backend of your application.

You are right. In general, it is a bad idea to use access token for authentication. We have done multiple presentations to caution developers about it. https://docs.google.com/presentation/d/1klTZheiQIhcty6MKvTYS12cw1Vyn4T1R4d60QCRYM60/edit?usp=drive_web

If there is no other option and one only has an access token, you may be able to do some extra verification to use it to login and mitigate potential security issues. There is a reason ID Token was designed in OpenIDCOnnect and that is to use for authentication.

Answer 2

The recommended way is to use the new Google+ Sign-in: https://developers.google.com/+/mobile/android/sign-in