Hi,
Does anyone have any experience of integrating Google’s One-Tap signup functionality into Auth0 ???
I can get the widget to work, but I’m not sure what the next steps should be for connecting it to Auth0?
Thanks in advance,
Chris
Documentation for One-Tap is here: https://developers.google.com/identity/one-tap/web/
Hey there @fdss!
Can you provide me more context on the overall what you plan to build so I can potentially advise you what part of our stack and which docs you should refer to? I have no experience with Google’s One-Tap but that will for sure allow me to serve you better!
Thanks a lot!
Hi there
We are currently trying to integrate Google One-tap (Übersicht | Authentication | Google Developers) with our website, which uses Auth0.
We’ve got to the point where successful sign-in using the one-tap popup returns an ID Token, however are now unsure how to integrate this with Auth0 to complete the login. Does anyone have experience with this or know how to get it to work?
Thanks in advance
Chris
1 Like
I’ve done this using a M2M flow. The server receives the Google ID token, checks it, and then gets the users a token from Auth0 via the M2M flow. It’s not ideal.
Would be good to get Auth0 official guidance on this?
Hi Hugo,
Thanks for your reply.
Don’t suppose you’d be willing to share the code for the M2M part please? 
I don’t think using M2M is a good approach since that’s not meant for user-based flows. Rather, M2M (specifically OAuth 2.0 Client Credential Grant) is intended for machine-based flows where the resulting Access Token represents the app itself instead of the end user. I think the motivation of using M2M is to attempt to treat Auth0 as an STS and exchange a token from one issuer (Google’s ID Token) for one of another (your Auth0 tenant).
Consider this approach instead:
- Perform the Google one tap flow, which results in obtaining an ID Token from Google in the browser
- Decode the ID Token and extract the user’s email address. You can optionally validate the ID Token’s signature, but I think this isn’t necessary with the upcoming steps
- Use Auth0.js’s authorize() method to perform an authentication flow with Auth0, passing a
connectionparameter with a value ofgoogle-oauth2and alogin_hintwith a value of the email address you collected in step 2 - Auth0 will perform a login flow directly against your Google social connection, passing the same email, which will avoid any sort of user picker prompt (in case you’re signed in with more than one account). And since you already have a session with Google, you will automatically SSO through.
Of course, you do need to ensure you have a Google connection set up in your Auth0 tenant first.
4 Likes
Thanks a lot @peter-auth0 for sharing that!
1 Like
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.