1

In the documents of Google One-Tap sign in, it says:

Returning users are signed in automatically, even when they switch devices or platforms, or after their session expires.

Question 1: But it doesn't say anywhere how it does this? Is the user refresh token saved in the browser's cache? How can it then auto log in a user cross devices?

Question 2: The reason I ask is because I have a setup where I initialize the Google API client for JavaScript ("GAPI"). The GAPI library also automatically logs in a user whenever the client is "initialised" through gapi.client.init().

Now the problem is that after I have added the Google One-Tap code (Or should I say "YOLO code"? : ) my user gets logged in through One-Tap and also through GAPI. I can prevent this by not initializing the GAPI client, but I don't think that's wise, because I thought this whole library is built to manage my refresh tokens etc. Is my understanding correct that One-Tap does exactly the same and in case I only want to Authenticate users I do not need the GAPI client anymore?

Really, which library does a better job at managing my refresh tokens? And how do they differ? I'm clueless...

mesqueeb
  • 5,277
  • 5
  • 44
  • 77

1 Answers1

1

The way I implemented my login is the following:

  1. Try to login in the user first using gapi.auth2. Maybe the user was previously signed into the site.

  2. If can't login user automatically, then use googleyolo to try to find existing user accounts.

  3. If no existing accounts, then present a signin button for user to signin.

I can give you some code snippet if you need.

To answer your questions.

#1, the credential is stored within the browser/device. If the user has never signed into google in a device, then yolo won't be able to sign in the user.

#2. googleyolo will also login the user, the difference is that it will give the account selector even if there's only one user to select (it will automatically login the user if there's only one). gapi simply sign in the user without showing anything.

Wen W
  • 2,434
  • 1
  • 10
  • 15
  • Thanks for the info! Not really an exact answer to the 2 questions above, but I'm sure going to take this into account with my app! – mesqueeb Feb 25 '18 at 05:42
  • I apologize. To answer your questions. #1, the credential is stored within the browser/device. If the user has never signed into google in a device, then yolo won't be able to sign in the user. #2. googleyolo will also login the user, the difference is that it will give the account selector even if there's only one user to select. gapi simply sign in the user without showing anything. – Wen W Feb 25 '18 at 06:03
  • Thanks! If you can edit your answer above and include this answer at the top, I'll mark it correct! – mesqueeb Feb 25 '18 at 06:07
  • if you're interested how my final signin-flow works, I was able to completely bypass the gapi-signin. It's documented [here](https://stackoverflow.com/questions/48953745/how-to-use-the-google-api-client-for-javascript-with-a-one-tap-sign-in-flow/49023255#49023255). – mesqueeb Feb 28 '18 at 06:35