Third-party applications often require limited access to a user's Google Account for certain types of activity. To ensure that user data is not abused, all requests for access must be approved by the account holder. Access control has two components, authentication and authorization.
Authentication services allow users to sign in to your application using a Google Account. Some services also allow users to sign in using another account, such as an OpenID login.
Authorization services let users provide your application with access to the data they have stored in Google applications. Google takes privacy seriously, and any application that requires access to a user's data must be authorized by the user.
Authentication and authorization services are often referred to collectively as auth.
Authentication: Allow users to sign in
OpenID for Google Account Users, based on the OpenID 2.0 protocol, allows users to log in to your website or web application with their Google account. When Google authenticates a user's account, it returns a user ID to your application, which allows you to collect and store user information. OpenID also allows you to get access to certain user account information, with user approval.
Authorization: Access users' data
The OAuth 2.0 open-standard protocol allows users to authorize access to their data, after they have been authenticated. Google supports the OAuth 2.0 protocol with bearer tokens for web and installed applications, as well as OAuth 1.0 for web applications and for installed applications.
The Authentication and Authorization APIs can be used with both regular Google accounts and Google Apps hosted accounts. Although the user experience varies slightly, the process of managing authorization and/or authentication programmatically is the same for both types of accounts.