How to implement Google+ sign-in

Question

I'm trying to implement a Google+ signup/signin and I'm having hard time with this on understanding the complete flow.

So, I'm using the GoogleApiClient with Plus.SCOPE_PLUS_LOGIN and Plus.SCOPE_PLUS_PROFILE in order to get the email of the user with

mEmail = Plus.AccountApi.getAccountName(mGoogleApiClient);

and after getting the email I'll get a token with

token = GoogleAuthUtil.getToken(mActivity, mEmail, "oauth2:profile email");

At this point I'm quite lost.
I guess I have to send to my server the email and token, and verify it, so I've found this link that explain that I should use this library .

The question is about the second time I will open the app. Which is the flow? Should I repeat every step as above and get email/token and send them to the server? Should I store the token and send it? Or should I just send the email, and the server should store the token?

Any help is really appreciated! Thanks!

Answer 1

You should try starting with the Google+ Sign-In Quickstart for PHP : this sample shows you how to do basic OAuth flows in PHP and sign the user in.

The question is about the second time I will open the app. Which is the flow? Should I repeat every step as above and get email/token and send them to the server? Should I store the token and send it? Or should I just send the email, and the server should store the token?

The best way to do this step (authentication) is to get an ID token or access token on the client (this is a refresh flow or code exchange flow, depending on the client), include the token in a (secure, eg https) request header, and then verify the token on your server if a session is not present. The Google+ PHP Verify Token sample demonstrates the verification steps.