Google Social Login Configuration Guide

Important. After a security audit uncovered a serious flaw in the Google+ code base, Google made the decision to slowly phase out the service, and the Akamai Identity Cloud has updated its Google Sign-In IDP to no longer rely on Google+ scopes or APIs. 


This configuration guide explains how to enable Google Sign-In as a social login identity provider. To do this, it is important that you follow the steps outlined in this guide, and largely ignore the instructions provided in the JavaScript SDK (widget). The user interface for the JavaScript SDK is outdated and will be replaced shortly. If you look at the JavaScript SDK you’ll see step-by-step instructions for configuring a Google app. For example, this screenshot explains how you must start by enabling the Google API and the Contacts API:

That information is no longer correct: you do not need to enable those two APIs. Follow the steps detailed in this configuration guide, and don’t worry about the instructions provided in the JavaScript SDK.

Before You Begin

To use Google Sign-In for social login you must:

  1. Obtain a Google developer account from https://console.cloud.google.com.
  2. Do one of the following:
     
    • Open a previously-created Google app, and copy the app ID and app secret.
    • Create a new Google app and copy the client ID and client secret.
       
  3. Use the Social Login Dashboard and the Google+ client ID and client secret to configure Google Sign-In as a social login provider.


In This Configuration Guide

  • Creating a Google Sign-In App for Social Login
  • Using an Existing Google Sign-In App for Social Login
  • Configuring Google Sign-In as a Social Login Provider
  • Testing Google Sign-In Social Login
  • Assigning a Different Google Sign-In App for Social Login
  • Removing Google Sign-In as a Social Login Provider


Creating a Google Sign-in App

This section walks you through the process of creating a Google Sign-In app for social login. If you already have an app, see the Using an Existing Google Sign-In App for Social Login section of this documentation.

To create a Google Sign-in app, complete the following procedure:

  1. Log on to the Social Login Dashboard (https://dashboard.janrain.com) and the click the Manage Engage icon for your application.
  2. From your application’s home page, click the Manage Providers icon:
  3. From the Configure Providers page, click Google+to display the Google configuration dialog box. Click Next until you see the screen that shows the JavaScript Origin and Redirect URI values for your domain:
  4. Make a note of these values or keep this screen displayed while you configure your Google Sign-in app.
     
  5. Go to the Integrating Google Sign-in into your web app page, click Sign In, and then log on to the Google Developers center.
     
  6. Click the blue Configure a Project  button:
  7. In the Configure a project for Google Sign-in dialog box, click Select or create project:
  8. In the dropdown list, select Create a new project:
  9. Type a name for your app (project) in the Enter new project name field and then click Next:
  10. Type the name of your app (as seen by end users) in the Configure your OAuth client dialog box and then click Next:
    Note that the product name can be anything you wish: it does not have to match your project (app) name.
  11. In the Configure your OAuth client dialog box, click the Where are you calling from dropdown list and then select Web browser:
  12. In the Authorized JavaScript Origin  field, type the URL to your RPX domain and then click Create:
  13. In the You’re all set! dialog box, copy the Client ID and the Client Secret, paste those values into a text file, and then click API Console:
    You’ll need both the client ID and the client secret when configuring Google as a social login provider.
     
  14. From the Google APIs page, ensure that the name of your app appears at the top of the page and then click OAuth client:
  15. In the Authorized redirect URIs field, type your redirect URI and then click Save:
    Your redirect URI will typically be your rpx domain (e.g., https://gms.rpxnow.com) followed by /googleplus/callback. And yes, that URL does use the term googleplus. But that’s just the endpoint name: Sign-in for Google has no connection to, or dependency on, Google+. 
     
  16. Log off from the Google Developers center.


Using an Existing Google App for Social Login

If you already have a Google Sign-In app that can be used for social login, complete the following steps to retrieve the application’s client ID and client secret:

  1. Log on to the Google Developer’s console (https://console.developers.google.com).
     
  2. From your Google APIs dashboard, click the projects and folders dropdown list:

  1. In the Select from dialog box, click the name of the app that you want to use for social logins:
  2. When your app appears in the navigation bar, click Credentials:
  3. In the Credentials pane, click OAuth client:
  4. From the Client ID for Web application page, copy the Client ID and Client secret:
    You can paste the copied information to a text editor, then close the text editor after you have configured social login.
     
  5. Log off from the Google Developers platform.


Configuring Google Sign-In as a Social Login Provider

To configure Google Sign-In as a social login provider, make sure you have your Google Sign-In client ID and client secret, and then complete the following procedure:

  1. Log on to your Social Login Dashboard (https://dashboard.janrain.com).
  2. From the Dashboard home page, click the Manage Engage Dashboard icon.
  3. From the Engage Dashboard home page, in the Widgets and SDKs section, click Sign-Ins.
  4. From the Sign-in page, verify that Widget is selected and then expand Providers:
  5. From the list of Providers, click Google:
  6. In the Google dialog box, click Next until you reach the screen requesting the Google Client IDand Client Secret:

  1. Enter your Google client ID in the Client ID field, enter your Google client secret in the Client Secret field, click Save, and then click Close. Google appears in your social login widget:
  2. When you are finished, select Save. Note that it might take as long as one hour before Google appears as a social login option on your web site.

If you are configuring Google for the first time, be sure that you skip the Configure Providers screen:

Much of the information shown on this screen (information previously available through Google+) is not provided by Google Sign-In; perhaps more important, requesting information that Google Sign-In does not provide can lead to problems when a user tries to log on with a Google account. We recommend that you do not enable any of the options on this screen

But what if you’ve already selected some of these options? For example:

In that case, we recommend that you deselect each of the selected values:

The Configure Providers screen will be updated in a subsequent release of the Social Login dashboard.


Testing Google Sign-In Social Login

To test Google Sign-In social login, complete the following procedure:

  1. Do one of the following:
     
    • If you have just published your widget settings, click the Test your widget link that appears after the widget has been saved.
    • If you previously published your widget settings then, from the Engage Dashboard Sign-in page, click Launch a test widget.
       
  2. From the Test page, click the Google icon:

  1. In the sign-in window, enter your Google account email address in the Email or phone field and then click Next:
  2. Enter your Google account password in the Enter your password field and then click Next:
  3. If login succeeds, information returned from the Google profile is displayed in the API response preview field:

By default, your Google app returns information similar to the following:

{
  "stat": "ok",
  "profile": {
    "displayName": "Greg Stemp",
    "email": "greg.stemp@janrain.com",
    "googleUserId": "117224169092709847855",
    "identifier": "https://www.google.com/profiles/117224169092709847855",
    "name": {
     "familyName": "Stemp",
      "formatted": "Greg Stemp",
      "givenName": "Greg"
    },
    "photo": "https://lh6.googleusercontent.com/-FW0NohhRtPA/AAAAAAAAAAI/AAAAAAAAAAA/ACevoQPqePkQn1FaNn6Sr_seAX_q5yjoiQ/mo/photo.jpg&sz=400",
   "preferredUsername": "greg.stemp",
   "providerName": "Google",
   "providerSpecifier": "google",
    "provider_id": "117224169092709847855",
   "verifiedEmail": true
  },
 "accessCredentials": {
    "accessToken": "ya29.GluuBsaoGkvwPl5wq3ttHGsqrF4-y2hOF3UB0pKGoszm3WMBGt5skhgTwlEWc0hjmhT7Rs4oXXUDmYKEI8amsFcVArWtjqgjqvaSfSqrhVTLw4HZnPIBX2McuY76",
    "clientId": "737258797307-t9s04713f9plcga91rau7qodmrpknl57.apps.googleusercontent.com",
    "expires": 1550000156,
   "refreshToken": "1/EQxGgmp4zh9ZTV1p6ooEtVQsygvQbmVT4DNu79DOVOcmXoJClWnH6C1QOKLmvzpK",
    "scopes": "openid",
    "type": "openidconnect",
    "uid": "117224169092709847855"
  }
}


Assigning a Different Google Sign-In App for Social Login

If you want to use a different Google Sign-In app or if you need to change your existing app, you must update the Google Sign-In provider configuration settings. To do that, complete the following procedure. When doing this, keep in mind that, even though the Dashboard UI says Google+, you are actually configuring Google Sign-In

  1. From the Engage Dashboard home page, click the Manage Providers icon:
  2. From the Configure Providers page, click Google+.
     
  3. Click the green Configured button to display the Google is currently enabled dialog box:
  4. To change the Google+ configuration, click Modify These Settings.
     
  5. In the Google dialog box, change the Client ID and/or Client Secret as needed, and then click Save:
  6. Click Close.

Although you can modify your Google Sign-In settings, you cannot delete those settings. If you delete the settings and then try to save your changes, you’ll see the following error message:

This means that you cannot “unconfigure” the provider: once configured, the Google+ icon will always be shown as green (i.e., configured) in the Social Login Dashboard.


Removing Google Sign-In as a Social Login Provider

If you no longer want to use Google Sign-In for social login, you can remove Google Sign-In as a social login provider by completing the following procedure:

  1. Log on to your Social Login Dashboard (https://dashboard.janrain.com).
  2. From the Dashboard home page, click the Manage Engage Dashboard icon.
  3. From the Engage Dashboard home page, in the Widgets and SDKs section, click Sign-Ins.
  4. From the Sign-in page, verify that Widget is selected and then expand Providers.
  5. In the widget, click the X in the upper right corner of the Google icon.
  6. Scroll to the bottom of the page, select Save and Publish, and then click Publish. Google no longer appears in the sign-on widget.
Note. You must always have at least one social login provider in the widget. If you delete all the providers and then click Publish, you’ll see the error message Couldn’t save configuration: No providers.