ios, google-oauth, google-signin

Google Sign In iOS and Web


I'm building a system with a web and an iOS app. The web part requires authentication that can be used on the mobile part and vice versa. I want to add support for Google sign-in on the web and on the mobile part. For testing I've used the code from

https://developers.google.com/identity/sign-in/ios/start-integrating

for iOS and

https://developers.google.com/identity/sign-in/web/

for the web part. Scopes are the same on the application and the web (email, profile).

Expected flow

  1. User signs in with Google and grants access from mobile (or web)
  2. User goes to the website (or application)
  3. User signs in with Google
  4. No need to grant permission again

What I got

  1. User signs in with Google and grants access from mobile
  2. User goes to the website
  3. User signs in with Google
  4. The same permissions are asked again

How can I avoid asking for permission again? From the documentation (https://developers.google.com/identity/sign-in/web/cross-platform-sign-in) it seems to be possible to obtain the expected flow, but in practice I am unable to obtain it. iOS and Web are in the same Google developer project.


Solution

  • I've made this work as expected following these guides: https://developers.google.com/identity/protocols/CrossClientAuth and https://developers.google.com/identity/sign-in/ios/offline-access

    What you have to do is the following:

    First add [GIDSignIn sharedInstance].serverClientID = @"SERVER_CLIENT_ID";

    in your iOS appDelegate. When the user authenticates through the app you can now retrieve a token valid for your server_client_id via the serverAuthCode attribute of your GIDGoogleUser object.

    Send the token to the server and validate it on the token endpoint (/oauth2/v3/token). redirect_uri must be empty while grant_type must be authorization_code, otherwise you will have a 400 response.

    Your server is now authenticated, and when the user logs on to the website, permission will not be asked again.
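The server-side exchange described in the answer above, as an added Python example that is not part of the original post. The endpoint host, the function names, and the presence of an `id_token` in the reply are assumptions; the sample reply is constructed. The audience check makes sure the server only accepts a token minted for its own SERVER_CLIENT_ID.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed host: the answer gives only the path /oauth2/v3/token.
TOKEN_URL = "https://www.googleapis.com/oauth2/v3/token"
GOOGLE_ISSUERS = ("accounts.google.com", "https://accounts.google.com")

def build_exchange_request(server_auth_code, client_id, client_secret):
    """POST request for the code exchange; send it with urllib.request.urlopen()."""
    form = {
        "grant_type": "authorization_code",  # any other value gives a 400
        "code": server_auth_code,            # serverAuthCode from GIDGoogleUser
        "client_id": client_id,              # the server (web) client ID
        "client_secret": client_secret,
        "redirect_uri": "",                  # present but empty, per the answer
    }
    return urllib.request.Request(
        TOKEN_URL, data=urllib.parse.urlencode(form).encode(), method="POST")

def id_token_claims(id_token):
    """Decode the JWT payload. No signature check here: the token is assumed
    to have arrived directly from the token endpoint over TLS."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)     # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def handle_token_response(status, body, client_id):
    """Reject error replies and tokens minted for a different client."""
    data = json.loads(body)
    if status != 200:
        raise ValueError("exchange failed: %s" % data.get("error", status))
    claims = id_token_claims(data["id_token"])
    if claims.get("aud") != client_id or claims.get("iss") not in GOOGLE_ISSUERS:
        raise ValueError("id_token not issued by Google for this server client")
    return {"sub": claims["sub"], "refresh_token": data.get("refresh_token")}

def constructed_response(aud):
    """Constructed sample reply (made-up values, placeholder signature)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    claims = {"iss": "accounts.google.com", "aud": aud, "sub": "1234567890"}
    token = ".".join([enc({"alg": "RS256"}), enc(claims), "constructed-signature"])
    return json.dumps({"id_token": token, "refresh_token": "constructed-refresh"})

if __name__ == "__main__":
    req = build_exchange_request("constructed-code", "SERVER_CLIENT_ID", "constructed-secret")
    print(req.data.decode())
    print(handle_token_response(200, constructed_response("SERVER_CLIENT_ID"), "SERVER_CLIENT_ID"))
```

Store the returned refresh token server-side only; the client secret never belongs in the iOS app.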