Authenticating Users

Google offers multiple methods of authenticating users in Cloud Platform applications. Each method has different purposes, listed below:

Authentication Service Purpose
Google Identity Toolkit Provides multiple user authentication options including with Google, Facebook, Yahoo, Microsoft, Paypal, and AOL. It also supports the largest number of users while maintaining the smallest amount of code.
Google Sign-In Google Sign-In provides Gmail and Google Apps account sign in along with support for one-time passwords (OTP). It’s the easiest method of supporting Google-only accounts, or supporting Google accounts in an existing sign-in system.
OAuth 2.0 and OpenID Connect OpenID Connect allows you to handle and use authentication tokens from the ground up with the most customization.

Google Identity Toolkit

Google Identity Toolkit gives you a robust, secure authentication system-in-a-box that helps you do sign-in with any account your users want to use. The Identity Toolkit supports password authentication in addition to federated sign in with Google, Facebook, Yahoo, Microsoft, Paypal, and AOL, allowing you to easily scale your authentication system as you grow on desktop and mobile.

The Identity Toolkit is the easiest way to set up user authentication for a Google App Engine app. To learn more about the Identity Toolkit, try the following:

  • Google Identity Tookit Quickstart Apps highlight how to use the Identity Toolkit on a website, allowing users to sign in using a username/password, Google, Yahoo, or Facebook sign-in. Sample apps are written in a variety of languages, including Java, Python, PHP, Go, Node.js, and Ruby.
  • Google Identity Toolkit Demo Site show how your app would function with Identity Toolkit. Both federated login and username/password login examples are shown on the demo site.

Google Sign-In

If you want to provide a Google login button for your website or app, or you’re using Google Apps for your domain and you want to authenticate users based on that login, you can use Google Sign-in, which is our sign-in client library built on the OAuth 2.0 and OpenID Connect protocols.

Google Sign-In is available for Web Apps, iOS, and Android.

Google Sign-in provides OpenID Connect formatted ID tokens, and OAuth 2.0 access tokens for further interaction with Google APIs. To configure Google Sign-In to return profile information in OpenID Connect format, use the openid scope and get the profile by calling the people.getOpenIdConnect endpoint.

OAuth 2.0 and OpenID Connect

OpenID Connect is an identity layer on top of the OAuth 2.0 protocol. You can use the directions provided in our OpenID Connect documentation to set up OAuth 2.0 and authenticate users.

Our implementation of OpenID Connect on OAuth 2.0 conforms to the OpenID Connect specification, and is OpenID Certified.

Send feedback about...

App Engine flexible environment for Ruby docs