Search code examples
oauth-2.0openidgoogle-openid

does a "sign in with google" approach for a web app imply the need for OpenID with google (or can OAuth be used)?

does a "sign in with google" approach for a web app imply the need for OpenID with google (or can OAuth be used)?

Reading the google pages it almost seems you need to use OpenID for "sign in using google", and OAuth to get data via google api's?

CLARIFICATION: actually digging deeper looking at what the ruby "omniauth-google-oauth2" GEM is doing when it is successfully doing a "sign in with google" for me, I see it is hitting:

https://accounts.google.com/o/oauth2/auth.

And is including in the "scope" it passes

"https://www.googleapis.com/auth/userinfo.email"
"https://www.googleapis.com/auth/userinfo.profile".

So this this would imply OAuth can be used for "sign in with google" no?

Solution

  • Answer seems to be YES. Documented here:

    http://code.google.com/apis/accounts/docs/OAuth2Login.html