What is Google One Tap?

Asked

Viewed 455 times

7

Browsing some sites, I saw a pop-up saying I can login using my google account:

Pop-up exibido

I wonder what exactly he is.

I got to that website however it does not have many details of its functioning and how I can use it in my applications.

  • 1

    These days I was wondering how Medium did it, "but how do they know this my account?"

  • Exactly this question I asked myself, I think it’s someone google or similar file advertisers do, but there was nowhere found the details

3 answers

9


According to the website: https://zapier.com/engineering/google-one-tap-inline/

Google One-tap is a new experience that allows users to create an account or log in to your site with a single click. It relies on the popular Google Login button to cut a full page from the authentication stream.

Google One-tap is part of the Openyolo-Web specification, which allows the injected Google into our is placed where we want. This allows Google One-tap to be a natural part of your designs.

An example of an application with this feature can be found here: https://github.com/zapier/google-yolo-inline?

On this page: https://medium.com/groww-engineering/all-about-googles-one-tap-sign-in-b8c1c93305d4 there is a step-by-step of how to proceed:

  1. Load the googleyolo client library.
<script src="https://smartlock.google.com/client"></script>
  1. Call googleyolo.retrieve() to check if the user can log in automatically.
const retrievePromise = googleyolo.retrieve({
  supportedAuthMethods: [
    "https://accounts.google.com"
  ],
  supportedIdTokenProviders: [
    {
      uri: "https://accounts.google.com",
      clientId: "YOUR_GOOGLE_CLIENT_ID"
    }
  ]
});
  1. If recovery fails, call googleyolo.hint() to ask you to choose a Google Account to sign up.
/* Check user not already logged in */
if(!hasSession()){
  googleyolo.hint({
    supportedAuthMethods: [
     "https://accounts.google.com"
    ],
    supportedIdTokenProviders: [{
      uri: "https://accounts.google.com",
      clientId: "YOUR_GOOGLE_CLIENT_ID"
    }],
    context: "signUp"
  }).then((credential) => {
    /* hit backend api and API TOKEN here */
    /* Also save basic details that we get here */
  }, (error)=> {
    console.log("Error occurred: ",error.type);
  });
}
  1. In the above credential object, you will get the ID token and other basic information such as displayname, id, profilePicture. Collect data and forward it to the back end and use it to create a new account.

However, remember that you cannot get the access token from now using the googleyolo API. Use Auth2 instead.

  1. But here’s the problem, this API is not yet open for security reasons. Using this API requires review and approval. Submit the review request form to start the process. All of the above steps can be done and placed on a separate branch. Once you have access to the API, everything is ready to use.

1

The Google as well as other identity providers (Facebook, Microsoft, etc.. ), allow other applications to use their registration as user identity, this way the information used by the application will be only the information that the identity provider makes available, normally the email and the name user’s.

This allows the user not to need to register on all sites by typing the same data and so this process occurs more smoothly and quickly at the level of interactivity.

  • Yes, but how does the site know who I am if I haven’t gone to the provider page and provided my credentials? How can I use this on my website? I know you can provide this method of authentication, including already use, but not like these sites, they identify in the first access who I am, I think based on my browser login

0

The idea of Google One Tap is quite simple...

The Google One Tap serves to enroll the users with a single touch and keep them connected automatically. Below will be demonstrated the functioning of the Flow of Login and Continuous Registration..

One-touch inscription

Sign up new users with one touch, without interrupting them with a sign up screen. Users receive a password-free, secure, token-based account on their website, protected by their Google Account.

inserir a descrição da imagem aqui

Auto-login

Log in users automatically when they return to your site on any device or browser, even after the session has expired.

inserir a descrição da imagem aqui

How the particular website knows who you are, if you have not yet gone to the provider’s page and provided your credentials?

This question is quite difficult to be answered, but taking into account that is Google and they dominate the search market, android among others... They probably use artificial intelligence, data Mining, scavenge their cache among other "obscure" methods. You know those ads that pop up for you ? And you say, 'Cause I was thinking about buying this, or making this trip..? It works the same way..

Note:

The beta test program for this API is currently closed. We are enhancing the functionality of multiple API browsers and we will provide updates here in the coming months.

Withdrawal of OFFICIAL GOOGLE SOURCE

Browser other questions tagged

You are not signed in. Login or sign up in order to post.