Integrating Google One-Tap sign-up/login with Auth0

Hi,

Does anyone have any experience of integrating Google’s One-Tap signup functionality into Auth0?

I can get the widget to work, but I’m not sure what the next steps should be for connecting it to Auth0?

Thanks in advance,

Chris


Documentation for One-Tap is here: https://developers.google.com/identity/one-tap/web/

Hey there @fdss!

Can you provide me more context on what you plan to build overall, so I can potentially advise you which part of our stack and which docs you should refer to? I have no experience with Google’s One-Tap, but that will for sure allow me to serve you better!

Thanks a lot!

Hi there

We are currently trying to integrate Google One-tap (Overview | Authentication | Google Developers) with our website, which uses Auth0.

We’ve got to the point where successful sign-in using the one-tap popup returns an ID Token; however, we are now unsure how to integrate this with Auth0 to complete the login. Does anyone have experience with this or know how to get it to work?

Thanks in advance
Chris


I’ve done this using an M2M flow. The server receives the Google ID token, checks it, and then gets the user a token from Auth0 via the M2M flow. It’s not ideal.

Would be good to get Auth0 official guidance on this?

Hi Hugo,

Thanks for your reply.

Don’t suppose you’d be willing to share the code for the M2M part please?

I don’t think using M2M is a good approach since that’s not meant for user-based flows. Rather, M2M (specifically OAuth 2.0 Client Credential Grant) is intended for machine-based flows where the resulting Access Token represents the app itself instead of the end user. I think the motivation of using M2M is to attempt to treat Auth0 as an STS and exchange a token from one issuer (Google’s ID Token) for one of another (your Auth0 tenant).

Consider this approach instead:

  1. Perform the Google one tap flow, which results in obtaining an ID Token from Google in the browser
  2. Decode the ID Token and extract the user’s email address. You can optionally validate the ID Token’s signature, but I think this isn’t necessary with the upcoming steps
  3. Use Auth0.js’s authorize() method to perform an authentication flow with Auth0, passing a connection parameter with a value of google-oauth2 and a login_hint with a value of the email address you collected in step 2
  4. Auth0 will perform a login flow directly against your Google social connection, passing the same email, which will avoid any sort of user picker prompt (in case you’re signed in with more than one account). And since you already have a session with Google, you will automatically SSO through.

Of course, you do need to ensure you have a Google connection set up in your Auth0 tenant first.

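The four steps in the reply above, sketched as an added example (not code from the thread or from Auth0). It assumes `webAuth` is an Auth0.js instance configured elsewhere; the function names and the sample token are constructed for illustration. The ID Token payload is decoded without signature verification and used only as a `login_hint`, so the actual authentication decision stays with Auth0 and the Google connection.

```javascript
// Added example: helper names are hypothetical, sample token is constructed.

// Step 2: decode the payload segment of the Google ID Token.
// No signature check happens here, so the claims are untrusted input:
// fine as a login hint, never as proof of identity.
function decodeIdTokenPayload(idToken) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  // base64url -> base64, restoring the stripped padding
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Step 3: build the options passed to Auth0.js authorize().
function buildAuthorizeOptions(payload) {
  const email = payload && payload.email;
  if (typeof email !== 'string' || !/^[^\s@]+@[^\s@]+$/.test(email)) {
    throw new Error('ID token payload has no usable email claim');
  }
  return { connection: 'google-oauth2', login_hint: email };
}

// Step 1 hands the One Tap response to this callback; step 4 happens
// inside Auth0 after authorize() redirects the browser.
function handleOneTapResponse(response, webAuth) {
  const payload = decodeIdTokenPayload(response.credential);
  const options = buildAuthorizeOptions(payload);
  webAuth.authorize(options);
  return options;
}

// Constructed sample token (fake signature) for trying the code offline.
function makeSampleToken(claims) {
  const enc = (obj) => btoa(JSON.stringify(obj))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'c2ln'].join('.');
}
```

If a server ever consumes the Google ID Token directly, as in the M2M variant mentioned earlier in the thread, it has to verify the signature, issuer, audience and expiry before trusting any claim.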

Thanks a lot @peter-auth0 for sharing that!

