Last year, Google announced Google Identity Services (GIS), which is a set of APIs that consolidated several identity offerings from the company. Included in the GIS development kit are the Sign in with Google button and the authentication prompt One Tap.
Now, Google is adding an authorization feature to GIS to bolster the offerings of the SDK and make it easy for developers to implement secure authentication into their apps.
The new authentication library acts as a “one-stop-shop’ for authentication and authorization, according to the company. Authentication allows for new user sign ups and returning user sign ins, and authorization provides developers with access tokens to call Google APIs with a user’s consent.
The SDK provides clear separation between these two functions in order to provide developers with greater control. Developers can make calls as two separate flows based on app needs.
According to Google, the new GIS SDK uses pop-up dialogues in the browser, which helps reduce user friction, streamlines authentication and authorization flows, and increases user engagement.
The SDK also results in better security for these flows, since it requires users to explicitly refresh sessions, which prevents long standing tokens from being abused.
Another benefit of the update is that integration complexity has been decreased, which reduces development time. Google offers pre-scripted code snippets that can easily be pasted into partner sites.
“Users who take advantage of Google’s authentication or authorization flows benefit from Google’s leading security infrastructure, offering two factor authentication, password recovery flows, and have the peace of mind that all sites and apps with authorization enabled, have been verified by Google,” Rohey Livne, product manager at Google, wrote in a post.