Personalized login button generated by Google
Question
Google has a code generator that generates a personalized login with Google button . A sample of the code generated by the generator is as the following.
<div id="g_id_onload"
data-client_id="abcdefghijklmnopqrstuvwxyz"
data-context="signin"
data-ux_mode="popup"
data-callback="localhost:1234/callback"
data-nonce=""
data-auto_prompt="false">
</div>
<div class="g_id_signin"
data-type="standard"
data-shape="rectangular"
data-theme="outline"
data-text="signin_with"
data-size="large"
data-logo_alignment="left">
</div>
I have a few questions to understand this button better.
- Why is there no client secret?
- This button gets an ID token, but what about a refresh and access token? How could you refresh an expired ID token?
- Is the generated code production-ready, or is it merely serve demo purposes?
1 answers
solution1
1 ACCPTED 2023-01-19 14:32:17
Why is there no client secret?
Because this is client side JavaScript and there for uses implicit flow. The Implicit flow is a simplified OAuth flow used by JavaScript apps where the access token was returned immediately without an extra authorization code exchange step.
This button gets an ID token, but what about a refresh and access token? How could you refresh an expired ID token?
This is again client side JavaScript Implicit flow. Implicit flow does not return a refresh token. TO get a new id token after it has expired the user will need to login again.
Is the generated code production-ready, or is it merely serve demo purposes?
Google web identity is in production and what google is currently recommending we used for Client side JavaScript web applications.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.