This is related to this question about Google Plus: Prevent auto sign in with Google plus
The difference is that I'm using the Google Sign-In platform instead of Google Plus, which has a different API.
Background:
I have a pricing page that has a free trial signup form. The form has the google sign in button. I would like a signed in user to be able to still see the pricing page without the google sign-in causing a redirect.
My Code
I have the meta tag at the top of my page that identifies my application:
<meta name="google-signin-client_id" content="MY_CLIENT_ID">
I include this script on my page:
<script src="https://apis.google.com/js/platform.js"></script>
I have this div that renders the button:
<div class="g-signin2" data-onsuccess="onSignIn"></div>
My onSignIn function looks like this:
function onSignIn(googleUser) {
  var id_token = googleUser.getAuthResponse().id_token;
  $('#google_token').val(id_token); //hidden form value
  $('#google-oauth').submit(); //hidden form
}
The hidden form is submitted to the backend, where the token is used to retrieve the user's email address and name, and then creates a user account and logs them in.
My problem is that if the user is already signed in, Google will automatically call the onSignIn function, causing the form to be submitted when the page is loaded. Is there a way for me to prevent the onSignIn function from being called automatically?
Reference: https://developers.google.com/identity/sign-in/web/sign-in
Furthermore, it's as secure as your app login system but doesn't require changes to your server-side code. Google's OAuth 2.0 accomplishes the same thing without requiring your users to give you their security code for your app.
All requests to the Gmail API must be authorized by an authenticated user. Gmail uses the OAuth 2.0 protocol for authenticating a Google account and authorizing access to user data. You can also use Google Sign-in to provide a "sign-in with Google" authentication method for your app.
Google APIs use the OAuth 2.0 protocol for authentication and authorization. Google supports common OAuth 2.0 scenarios such as those for web server, client-side, installed, and limited-input device applications.
Try signing out after you get the user information. I tried sign out, but disconnect did it:
function onSignIn(googleUser) {
  var profile = googleUser.getBasicProfile();
  var idToken = googleUser.getAuthResponse().id_token;
  gapi.auth2.getAuthInstance().disconnect().then(function () {
    // Do stuff here after the user has been signed out; you can still authenticate the token with Google on the server side
  });
}
Try this:
function onSignIn(googleUser) {
  var id_token = googleUser.getAuthResponse().id_token;
  var auth2 = gapi.auth2.getAuthInstance();
  auth2.disconnect();
  // if this did not have time to sign out, put the lines below in a setTimeout to add a delay
  $('#google_token').val(id_token); //hidden form value
  $('#google-oauth').submit(); //hidden form
}
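An added example, not part of the original question or answers: it submits the token only after the user has actually clicked the button, and waits for disconnect() to finish before submitting instead of relying on a setTimeout. The names createSignInGate, markUserClick and submitToken are hypothetical; it assumes the script runs after the g-signin2 div exists and that clicks on the rendered button reach that div.

```javascript
// Added example. createSignInGate, markUserClick and submitToken are
// hypothetical names; the element ids and classes come from the question.
function createSignInGate(getAuthInstance, submitToken) {
  var userClicked = false; // true only after a real click on the button

  return {
    // Call from a click listener on the sign-in button wrapper.
    markUserClick: function () { userClicked = true; },

    // Use as the data-onsuccess callback.
    onSignIn: function (googleUser) {
      if (!userClicked) {
        // Automatic callback on page load for an already signed-in
        // user: submit nothing, so the pricing page stays visible.
        return false;
      }
      userClicked = false; // at most one submission per click
      var idToken = googleUser.getAuthResponse().id_token;
      // Submit only once disconnect() has completed, so the form
      // navigation cannot cut the sign-out short.
      getAuthInstance().disconnect().then(function () {
        submitToken(idToken);
      });
      return true;
    }
  };
}

// Browser wiring (skipped when no DOM is present).
if (typeof document !== 'undefined') {
  var gate = createSignInGate(
    function () { return gapi.auth2.getAuthInstance(); },
    function (idToken) {
      document.getElementById('google_token').value = idToken; // hidden form value
      document.getElementById('google-oauth').submit();        // hidden form
    }
  );
  // Capture phase, so the click is recorded before the button handles it.
  document.querySelector('.g-signin2')
    .addEventListener('click', gate.markUserClick, true);
  window.onSignIn = gate.onSignIn; // matches data-onsuccess="onSignIn"
}
```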