Chrome third-party cookie deprecation starts Q1 2024. Follow the migration guide to review potential changes and avoid negative impacts for user sign-in to your website.
- Home
- Products
- Google Identity
- Authentication
- Sign In with Google for Web
This page describes how to implement features related to how users sign in orsign out with Google One Tap.
Sign in users automatically
Google One Tap supports automatic sign-in, which provides a frictionless userexperience (UX) by removing the manual steps visitors must take when returningto your site. Users don't need to remember which Google Account they selectedduring their last visit, decreasing the chances of unnecessary duplicateaccounts being created on your platform.
Automatic sign-in is intended to complement our Sign in with Google buttonand One Tap dialogs. It is designed to be used across your entire site, withmanual sign-up or switching accounts occurring only after the user has firstsigned-out of your site.
For Automatic sign-in to occur the following conditions are required:
- users must first be signed-in to their Google Account, and
- previously granted consent to share their account profile with your app, and
- when using FedCM, made only a single sign-in attempt in the last 10 minutes.One Tap is displayed when repeated sign-in attempts occur during this window.
- when using FedCM, Chrome requires users to reconfirm that they want tosign in to the website with Google Account in each Chrome instance even if theuser approved the website prior to the FedCM rollout. This change may affectconversion rate on your existing site using One Tap. In Chrome M121 update,Auto Sign-in improvement mitigates conversion rate drop issue.
For pages where Automatic sign-in is enabled and if these conditions are metthe visitors ID token credential is automatically returned without any userinteraction. If these conditions are not met, and even if Automatic sign-in isenabled on the page, the user defaults to the One Tap flow for sign-in orconsent. If a user has multiple Google Accounts and visits your site they arerequired to first sign-in to a single Google Account and to have providedconsent for that account.
You may measure Automatic sign-in success rate using the auto value in theselect_by field of the returned credential object.
To enable automatic sign-in, add data-auto_select="true" to your code, asshown in the following snippet:
<div id="g_id_onload" data-client_id="YOUR_GOOGLE_CLIENT_ID" data-login_uri="https://your.domain/your_login_endpoint" data-auto_select="true"></div>Sign out
When a user signs out of your website, they can be directed to a page where aGoogle One Tap prompt is automatically displayed. For this setup, auto-selectionmust be prohibited. Otherwise, the user is automatically signed in again, whichleads to a dead-loop UX.
Using FedCM
To improve user experience, there is a 10 minute quiet period between everyautomatic sign-in attempt. During this time period, One Tap prompt isdisplayed instead. Users need to explicitly click One Tap to sign in.
Without FedCM
To prohibit auto-selection after a user signs out, add the class nameg_id_signout to all of your logout links and buttons. See the following codesnippet:
<div class="g_id_signout">Sign Out</div>The following JavaScript code snippet can also be used for sign out:
const button = document.getElementById('signout_button');button.onclick = () => { google.accounts.id.disableAutoSelect();}Consequently, the signed-out status is recorded through a cookie in yourdomain so that the dead-loop UX is avoided.
The sign-out status is stored into the g_state cookie in your domain. If youhave a service that monitors all of the cookies used in your domain, you needto notify them of this cookie.
If you don't want to load the client library on your post-login pages, usethese solutions to prevent a dead-loop UX after log out occurs:
- On log out, redirect users to a page (say,
https://example.com/logged_out) where One Tap is not displayed, orwhere auto sign-in is always disabled. - On log out, add a parameter to the URL. For example,
logged_out=1.When rendering One Tap by JavaScript API, check that URL parameter anddisable auto sign-in when present.
Key user journeys
The automatic sign-in page.
Using FedCM
Users can close the One Tap prompt by clicking the X button. Foraccessibility consideration, an ID token is shared with your websiteeven if users click the X button.
To improve user experience, there is a 10 minute quiet period between everyautomatic sign-in attempt. During this time period, One Tap prompt isdisplayed instead. Users need to explicitly click One Tap to sign in.
Without FedCM
If users don't click the Cancel button within 5 seconds, an ID tokenis shared with your website.
When Sign-In is cancelled, based on the number of active Google sessions,either the account chooser page or the returning user page displays.
- Multiple Google sessions
- Single Google Sessions
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-05-01 UTC.
[{ "type": "thumb-down", "id": "missingTheInformationINeed", "label":"Missing the information I need" },{ "type": "thumb-down", "id": "tooComplicatedTooManySteps", "label":"Too complicated / too many steps" },{ "type": "thumb-down", "id": "outOfDate", "label":"Out of date" },{ "type": "thumb-down", "id": "samplesCodeIssue", "label":"Samples / code issue" },{ "type": "thumb-down", "id": "otherDown", "label":"Other" }] [{ "type": "thumb-up", "id": "easyToUnderstand", "label":"Easy to understand" },{ "type": "thumb-up", "id": "solvedMyProblem", "label":"Solved my problem" },{ "type": "thumb-up", "id": "otherUp", "label":"Other" }]
