google_sign_in_web 0.11.0+2
Flutter plugin for Google Sign-In, a secure authentication system for signing in with a Google account on Android, iOS and Web.
The web implementation of google_sign_in
Migrating to v0.11 (Google Identity Services)
The google_sign_in_web plugin has been backed by the new Google Identity Services (GIS) JS SDK since version 0.11.0.
The GIS SDK is used both for Authentication and Authorization flows.
The GIS SDK, however, doesn't behave exactly like the one being deprecated. Some concepts have experienced pretty drastic changes, and that's why this plugin required a major version update.
Differences between Google Identity Services SDK and Google Sign-In for Web SDK.
- In the GIS SDK, Authentication and Authorization are now two separate concerns.
- Authorization (permissions for the app to access certain user information) flows will not return authentication information.
- Authentication (information about the current user) flows will not authorize
- The GIS SDK no longer has direct access to previously-seen users upon initialization.
- signInSilently now displays the One Tap UX for web.
- The GIS SDK only provides an idToken (JWT-encoded info) when the user successfully completes an authentication flow. In the plugin:
- The plugin signIn method uses the OAuth "Implicit Flow" to Authorize the requested
- If the user hasn't signInSilently, they'll have to sign in as a first step of the Authorization popup flow.
signInSilently was unsuccessful, the plugin will add extra
signIn and retrieve basic Profile information from the People API via a REST call immediately after a successful authorization. In this case, the idToken field of the GoogleSignInUserData will always be null.
- The GIS SDK no longer handles sign-in state and user sessions; it only provides Authentication credentials for the moment the user did authenticate.
- The GIS SDK no longer is able to renew Authorization sessions on the web. Once the token expires, API requests will begin to fail with unauthorized, and user Authorization is required again.
See more differences in the following migration guides:
- Authentication > Migrating from Google Sign-In
- Authorization > Migrate to Google Identity Services
New use cases to take into account in your app
Enable access to the People API for your GCP project
Since the GIS SDK is separating Authentication from Authorization, the OAuth Implicit pop-up flow used to Authorize scopes does not return any Authentication information anymore (user credential /
If the plugin is not able to Authenticate a user from
OneTap UX flow), it'll add extra scopes to those requested by the programmer so it can perform a People API request to retrieve basic profile information about the user that is signed in.
The information retrieved from the People API is used to complete data for the
object that is returned after signIn completes successfully.
signInSilently always returns
Previous versions of this plugin were able to return a
object that was fully populated (signed-in and authorized) from
because the former SDK equated "is authenticated" and "is authorized".
With the GIS SDK, signInSilently only deals with user Authentication, so users retrieved "silently" will only contain an idToken, but not an
requestScopes, a user will be fully formed.
The GIS-backed plugin always returns
signInSilently, to force apps that expect the former logic to perform a full signIn, which will result in a fully Authenticated and Authorized user, making this migration easier.
null in the
GoogleSignInAccount object after
Since the GIS SDK is separating Authentication and Authorization, when a user fails to Authenticate through signInSilently and the plugin performs the fallback request to the People API described above,
GoogleSignInUserData object will contain basic profile information (name, email, photo, ID), but its idToken will be
This is because JWTs are cryptographically signed by Google Identity Services, and this plugin won't spoof that signature when it retrieves the information from a simple REST request.
Since the GIS SDK does not manage user sessions anymore, apps that relied on this feature might break.
If long-lived sessions are required, consider using some user authentication system that supports Google Sign In as a federated Authentication provider, like Firebase Auth, or similar.
Expired / Invalid Authorization Tokens
Since the GIS SDK does not auto-renew authorization tokens anymore, it's now the responsibility of your app to do so.
Apps now need to monitor the status code of their REST API requests for response codes different to 200. For example:
401: Missing or invalid access token.
403: Expired access token.
In either case, your app needs to prompt the end user to
requestScopes, to interactively renew the token.
The GIS SDK limits authorization token duration to one hour (3600 seconds).
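The retry pattern described above, as an added example that is not part of the plugin's own code: a request wrapper that treats 401 and 403 as a signal to renew authorization interactively and then retries once. It is pure Dart; the currentToken, reauthorize and send hooks are hypothetical names (reauthorize would wrap the plugin's requestScopes call), and the scenario in main is constructed.

```dart
/// Minimal view of a REST response: only the status code matters here.
class ApiResponse {
  ApiResponse(this.statusCode);
  final int statusCode;
}

// Hypothetical hooks, supplied by the app.
typedef GetToken = Future<String?> Function(); // current access token, if any
typedef Reauthorize = Future<bool> Function(); // e.g. wraps requestScopes(...)
typedef SendRequest = Future<ApiResponse> Function(String accessToken);

/// Sends a request with the current access token. On 401/403 (or when no
/// token is available) it asks the user to re-authorize and retries once.
/// Returns null if the user declines or no token can be obtained.
Future<ApiResponse?> sendAuthorized({
  required GetToken currentToken,
  required Reauthorize reauthorize,
  required SendRequest send,
}) async {
  for (var attempt = 0; attempt < 2; attempt++) {
    final token = await currentToken();
    if (token != null) {
      final response = await send(token);
      final rejected =
          response.statusCode == 401 || response.statusCode == 403;
      // Success, an unrelated error, or still rejected after one renewal:
      // hand the response back instead of prompting the user in a loop.
      if (!rejected || attempt == 1) return response;
    }
    // Renewal is interactive; stop if the user does not grant access.
    if (attempt == 0 && !await reauthorize()) return null;
  }
  return null;
}

Future<void> main() async {
  // Constructed scenario: the stored token has expired, the renewed one works.
  var token = 'expired-token';
  var prompts = 0;
  final result = await sendAuthorized(
    currentToken: () async => token,
    reauthorize: () async {
      prompts++;
      token = 'fresh-token';
      return true;
    },
    send: (t) async => ApiResponse(t == 'fresh-token' ? 200 : 403),
  );
  print('status=${result?.statusCode} prompts=$prompts');
}
```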
Import the package
This package is endorsed, which means you can simply use
normally. This package will be automatically included in your app when you do, so you do not need to add it to your
However, if you import this package to use any of its APIs directly, you should add it to your pubspec.yaml as usual.
Web integration
First, go through the instructions here to create your Google Sign-In OAuth client ID.
web/index.html file, add the following meta tag, somewhere in the head of the document:
<meta name="google-signin-client_id" content="YOUR_GOOGLE_SIGN_IN_OAUTH_CLIENT_ID.apps.googleusercontent.com">
localhost and some port.
You can do this by:
- Going to the Credentials page.
- Clicking "Edit" in the OAuth 2.0 Web application client that you created above.
For local development, you must add two
http://localhost:7357 (or any port that is free on your machine)
Starting flutter in http://localhost:7357
flutter run starts on a random port. When you need to deal with authentication as described above, that is not the most appropriate behavior.
You can tell flutter run to listen for requests on a specific host and port with the following:
flutter run -d chrome --web-hostname localhost --web-port 7357
Other APIs
Read the rest of the instructions if you need to add extra APIs (like Google People API).
Using the plugin
See the Usage instructions of
Note that the serverClientId parameter of the GoogleSignIn constructor is not supported on Web.
Find the example wiring in the Google sign-in example application.
API details
See google_sign_in.dart for more API details.
Contributions and Testing
Tests are crucial for contributions to this package. All new contributions should be reasonably tested.
test/README.md file for more information on how to run tests on this package.
Contributions to this package are welcome. Read the Contributing to Flutter Plugins guide to get started.
Issues and feedback
Please file issues to send feedback or report a bug.