Third-party applications often require limited access to a user's Google Account for certain types of activity. To ensure that user data is not abused, all requests for access must be approved by the account holder. Access control has two components: authentication and authorization.
Authentication services allow users to sign in to your application using a Google Account. Some services also allow users to sign in using another account, such as an OpenID login. Authentication allows you to identify users, for example to provide a customized experience when they use your application.
Authorization services let users provide your application with access to the data they have stored in Google applications. Google takes privacy seriously, and any application that requires access to a user's data must be authorized by the user.
| Authentication: Allow users to sign in | Authorization: Access users' data |
| --- | --- |
| OpenID for Google Account Users, based on the OpenID 2.0 protocol, allows users to log in to your website or web application with their Google account. When Google authenticates a user's account, it returns a user ID to your application, which allows you to collect and store user information. OpenID also allows you to get access to certain user account information, with user approval. | The OAuth open-standard protocol allows users to authorize access to their data, after they have been authenticated. When you use OAuth, the user is presented with a screen asking them to give your application access to the data you request. If they agree, OAuth returns a token which you can use to access that data. OAuth is available for web applications and for installed applications. |
The Authentication and Authorization APIs can be used with both regular Google accounts and Google Apps hosted accounts. Although the user experience varies slightly, the process of managing authorization and/or authentication programmatically is the same for both types of accounts.