Google login | How to migrate to google identity services in 2022?

In this article, we will see for google login, how to migrate to google identity services API.

Nowadays, most users try to sign-up and sign in using social means. The reason is – it is hard for users to remember the password when they do signup using the email and password forms.

With so many platforms and subscriptions, it is obvious that users tend to use social signup like Facebook login, Google login, apple login, etc.

If you’re using google login, you must have gotten this mail from google –

Beginning April 30th, 2022 new web applications must use the Google Identity Services library, existing web apps may continue using the Platform Library until the March 31, 2023 deprecation date.

So, after March 31, 2023, the Platform Library won’t work and users will not be able to log in. This article list the steps on how to migrate to make google login work like before.

How does google login work?

When the user clicks the google button, google prompts an account chooser popup.

When the user chooses one of the Gmail id accounts, Google returns the access_token which is available in the callback function.

This access_token is passed to the backend API through a REST API call.

The backend API then calls the Google APIs with the access_token as param to access the user’s profile and sign in or sign up to our system.

Current Scenario

To obtain a per-user access token to call Google APIs, Google offers multiple JavaScript libraries:

Now, Google has –

replace the deprecated Platform Library with the Identity Services library, and
removed the deprecated gapi.auth2 module, its methods, and objects, replacing them with Identity Services equivalents.

Google User Authorization Model for google login

There are the following ways through which we can obtain the user profile after the user select the email id in the account chooser prompt –

Code Model
Token Model
GIS credential

Code Model

The client clicks the google button and Google sends the unique authorization code
The client passes the authorization code to the service api
After validation, the service API sends this code to google api to exchange it for per-user access and refresh tokens
With access_token, service api fetches the user profile and creates the account or login

Code illustration – https://developers.google.com/identity/oauth2/web/guides/migration-to-gis#gis-popup-ux

Token Model

The client clicks the google button after the user gave consent through the prompt.
Google then returns a TokenResponse containing an access token and a list of scopes the user has granted access to, or an error, to your callback handler.
The client passes the access_token to service api
With access_token, service api fetches the user profile and creates the account or login

Code Illustration – https://developers.google.com/identity/oauth2/web/guides/migration-to-gis#gis-only

GIS Credential

The client clicks the google button after the user gave consent through the prompt.
Google then returns a CredentialResponse object which contains a credential field which is the ID token as a base64-encoded JSON Web Token (JWT) string.
The client passes the CredentialResponse object to service api
Service decodes the JWT token which has the user profile and creates the account or login

Code Illustration – https://developers.google.com/identity/gsi/web/guides/handle-credential-responses-js-functions

Note:-

If you were using the Platform.js library and if you want the minimal code changes in the migration you should check the Token modal as it also returns the access_token like the Platform.js library does.

Steps to integrate the google identity service

Load the Google 3P Authorization JavaScript Library i.e Identity Services library
<script src=”https://accounts.google.com/gsi/client” async defer></script>
Choose a user authorization model to get the access_token/unique authorization code/JWT token
Exchange the code retrieved at step 2 to backend service api to fetch the user profile and make the user login/signup into the system