pdo, google-api, google-oauth, google-api-php-client, google-api-client

Is Google Login secure? (PHP CLIENT)


I use the Google API PHP Client on my website.

A user logs in with Google after clicking the Google Login button on my site.

I collect data from the Google response, which contains the Google Profile ID.

CHECK, Register and Login logic

If the Profile ID does not exist in my user table: I store this visitor's Google ID + other data from the Google response in the MySQL user table.

If the Profile ID exists: I set a session for the visitor, and this user is logged in directly without needing to enter a password.

Is it secure to use this logic for login and registration? Is it possible for a hacker to bypass the Google ID with this Google PHP API client, which is already built with a unique token, client ID and client secret?

I use the PDO driver with prepared queries.


Solution

  • Since the Google PHP client process works in the backend with multiple layers of security by Google (token, client ID, client secret) + my server security (e.g. CSRF protection), I personally consider the Google PHP client secure. Otherwise, the Google account is hacked by someone who can log in to the client's account. But the point of the question is "Is Google Login secure? (PHP CLIENT)", and the answer is 'Yes, it is trusted and secure'. Because if someone can hack the email account, the hacker can also reset most social and media accounts registered with that email even without a Google Login button, because most sites with public users use email as verification.
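
The check, register and login flow described in the question, written as an OAuth callback handler. This is an added example, not code from the question or the answer. It assumes a `users` table with columns `id`, `google_id` (UNIQUE), `email` and `name`, the environment variables named in the code, a placeholder redirect URI, and that the login link was built with `$client->setState()` using a random value saved in `$_SESSION['oauth_state']`.

```php
<?php
// Added example. Assumed names: users(id, google_id UNIQUE, email, name),
// the GOOGLE_* and DB_* environment variables, and the redirect URI below.
require __DIR__ . '/vendor/autoload.php';
session_start();

$client = new Google\Client();
$client->setClientId(getenv('GOOGLE_CLIENT_ID'));
$client->setClientSecret(getenv('GOOGLE_CLIENT_SECRET'));
$client->setRedirectUri('https://example.com/google-callback.php'); // placeholder

// 1. CSRF check: the state returned by Google must equal the random value
//    stored in the session when the login link was generated.
$state = $_GET['state'] ?? '';
$code  = $_GET['code'] ?? '';
if (!is_string($state) || !is_string($code) || $code === ''
    || !hash_equals($_SESSION['oauth_state'] ?? '', $state)) {
    http_response_code(400);
    exit('Invalid login request');
}
unset($_SESSION['oauth_state']); // one-time use

// 2. Exchange the code server to server; the client secret never reaches the browser.
$token = $client->fetchAccessTokenWithAuthCode($code);
if (isset($token['error']) || empty($token['id_token'])) {
    http_response_code(401);
    exit('Google sign-in failed');
}

// 3. verifyIdToken() validates the token signature, expiry and audience
//    (our client ID) and returns false on failure.
$payload = $client->verifyIdToken($token['id_token']);
if ($payload === false || empty($payload['sub'])) {
    http_response_code(401);
    exit('Google sign-in failed');
}
$googleId = $payload['sub']; // Google account ID taken from the verified token only

// 4. Look up or register the user with prepared statements.
$pdo = new PDO(getenv('DB_DSN'), getenv('DB_USER'), getenv('DB_PASS'),
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$stmt = $pdo->prepare('SELECT id FROM users WHERE google_id = ?');
$stmt->execute([$googleId]);
$userId = $stmt->fetchColumn();
if ($userId === false) {
    $ins = $pdo->prepare('INSERT INTO users (google_id, email, name) VALUES (?, ?, ?)');
    $ins->execute([$googleId, $payload['email'] ?? null, $payload['name'] ?? null]);
    $userId = $pdo->lastInsertId();
}
session_regenerate_id(true); // 5. New session ID on login prevents session fixation.
$_SESSION['user_id'] = (int) $userId;
```

The Profile ID used for the lookup comes only from the payload that `verifyIdToken()` returned, never from a request parameter or form field, so a visitor cannot supply someone else's Google ID.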