I'm building a system with a web and an iOS app. The web part requires authentication that can be used on the mobile part and vice versa. I want to add support for Google sign-in on the web and on the mobile part. For testing I've used the code from
https://developers.google.com/identity/sign-in/ios/start-integrating
for iOS and
https://developers.google.com/identity/sign-in/web/
for the web part. The scopes are the same on the application and the web (email, profile).
Expected flow
What I got
How can I avoid asking for permission again? From the documentation (https://developers.google.com/identity/sign-in/web/cross-platform-sign-in) it seems to be possible to obtain the expected flow, but in practice I am unable to obtain it. iOS and Web are in the same Google developer project.
I've made this work as expected following these guides: https://developers.google.com/identity/protocols/CrossClientAuth https://developers.google.com/identity/sign-in/ios/offline-access
What you have to do is the following:
First add
[GIDSignIn sharedInstance].serverClientID = @"SERVER_CLIENT_ID";
in your iOS appDelegate. When the user authenticates through the app you can now retrieve a token valid for your server_client_id via the serverAuthCode attribute of your GIDGoogleUser object.
Send the token to the server and validate it on the token endpoint (/oauth2/v3/token). redirect_uri must be empty while grant_type must be authorization_code, otherwise you will have a 400 response.
Your server is now authenticated, and when the user logs in on the website, permission will not be asked again.
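The server-side half of the steps in the answer above, as an added example that is not part of the original answer: it builds the token-endpoint request with the empty redirect_uri and the authorization_code grant type, then checks that the returned ID token was issued to this server's client ID before trusting the user identity. The function names are hypothetical, the host in TOKEN_ENDPOINT is an assumption (the answer gives only the path), and the response is assumed to carry an id_token.

```python
import base64
import json
import urllib.parse
import urllib.request

# The answer names only the path /oauth2/v3/token; the host is an assumption.
TOKEN_ENDPOINT = "https://www.googleapis.com/oauth2/v3/token"
GOOGLE_ISSUERS = ("accounts.google.com", "https://accounts.google.com")


def build_exchange_body(server_auth_code, client_id, client_secret):
    """Form body for redeeming the serverAuthCode sent up by the iOS app."""
    return urllib.parse.urlencode({
        "code": server_auth_code,
        "client_id": client_id,              # same value as serverClientID in the app
        "client_secret": client_secret,      # lives on the server only, never in the app
        "grant_type": "authorization_code",  # any other value gets the 400 response
        "redirect_uri": "",                  # sent, but empty, for a code from the app
    }).encode("ascii")


def exchange_code(server_auth_code, client_id, client_secret):
    """POST the code to the token endpoint and return the parsed JSON response."""
    body = build_exchange_body(server_auth_code, client_id, client_secret)
    request = urllib.request.Request(TOKEN_ENDPOINT, data=body, method="POST")
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)


def id_token_claims(id_token):
    """Decode the claims segment of the id_token (assumed present in the response)."""
    # No signature check here: the token came straight from the token endpoint
    # over TLS. A token handed over by a browser or app must be verified in full.
    segment = id_token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def user_id_from_claims(claims, server_client_id, now):
    """Return the Google user id only if the token was issued to this server."""
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != server_client_id:
        raise ValueError("token was issued to a different client")
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    return claims["sub"]
```

On the server, pass `exchange_code(...)["id_token"]` through `id_token_claims` and `user_id_from_claims` with `now=time.time()`, and key the account on the returned `sub` value.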