I'm having trouble finding a decent tutorial on how to set up a service account so that my personal website can use Google Sign In. What role does the service account need? I don't have google workspace (yet).
I'm currently using "Application Default Credentials (ADC)" from gcloud auth application-default login w/ the project in "test" mode...
Fundamentally, you don't need to use any auth outside of the client id associated with your project for the basic functions of Google Sign In.
I know this because I deleted all of my auth keys/json files, and unless they are stored somewhere, everything still functions. This seems to be true when using the golang google.golang.org/api/idtoken library to process Google Sign In user flows.