Performing Google Federated Login/oAuth2 after initial Authentication

Question

I am trying to support \"Hybrid\" Federated Login and oAuth2 (using logic from this document) for a webservice which will:

1. support Sign in using your G

Answer 1

Add this paramter to the https://accounts.google.com/o/oauth2/auth URL call: approval_prompt=force and then the Sign in using your Google account will always show regardless of whether the user was already signed into that or any other account.

So the call would be like this https://accounts.google.com/o/oauth2/auth?client_id=<client id>&redirect_uri=<uri>&scope=<scope>&access_type=<online or offline>&response_type=code&approval_prompt=force

Answer 2

When the user is redirected back, you call the second request from your own (server-side?) code, and get their email address. When you successfully get it, that means that the user is logged on. You can add it to the session (e.g. as cookie), and as long as you have it, the user is logged on. You make the user log out by forgetting the email address, so by clearing the session/cookies.

Answer 3

If your site has access to something like your Contacts or Analytics using OAuth, you'll never see "Sign in using your Google account". I'm pretty sure that's only if you use OpenID (not OAuth) only for sign-in.

Specifically, OAuth is used for giving you access to APIs to create/update/delete data, while OpenID is for signing in.

Answer 4

If you are asking how to identify user for future logins, you have two options:

• Mix OAuth with OpenID, that is called Hybrid. I have described it on this answer.

• Use userinfo scope and request userinfo (email, etc.) after successful OAuth authorization. It is described on Google OAuth 2 documentation.

If you mean automatically login to your web site in future visits you can use OpenID "immediate mode" (openid.mode parameter).