google-openid google-oauth

Which Google sign-in flow is the best for a web application?


I'm about to create a web application which has some data linked to individual user accounts in the database. I want to implement it with Google sign-in because I don't want to make users create new accounts just for this app. I'm now confused about which flow below is for my case.
Please help me.

  1. https://developers.google.com/identity/sign-in/web/sign-in Very simple.
  2. https://developers.google.com/identity/sign-in/web/server-side-flow Server Side flow?
  3. https://developers.google.com/identity/protocols/OpenIDConnect#authenticatingtheuser  This document says this is Server Flow.
  4. https://developers.google.com/+/web/signin/server-side-flow Just for Google+ users?


Is No. 1 maybe called the "implicit" flow? I would like to take it if it is secure because of its simplicity.


Solution

  • https://developers.google.com/identity/sign-in/web/sign-in is the best option for you.

    In case you need to "use Google services on behalf of a user when the user is offline" you can use https://developers.google.com/identity/sign-in/web/server-side-flow on top of https://developers.google.com/identity/sign-in/web/sign-in.