Google Sign-In

Last updated: Jun 14, 2026

The Google Sign-In module enables native Google authentication inside your app. Instead of filling out a login form, users tap a button and the app uses their device's saved Google account — no password required. This works by connecting to your website's existing Google Sign-In integration.

Prerequisite: Your website must already have Google Sign-In configured and working in a browser before setting this up in Appilix.

How It Works

When a user taps a Google Sign-In button inside the app, the native Google authentication flow opens. After the user selects their account, the app passes the authentication token back to your website — following the same flow your website already handles in a browser. No changes to your backend are required in most cases.

Android / iOS Client ID

The OAuth 2.0 Client ID for your Android or iOS app, created in Google Cloud Console.

Steps to create it:

  1. Go to Google Cloud Console and open the same project where your website's Google Sign-In is configured.
  2. Navigate to APIs & Services → Credentials.
  3. Click Create Credentials → OAuth Client ID.
  4. Choose Android or iOS as the application type.
  5. For Android, enter your package name and SHA-1 fingerprint (shown in your Appilix dashboard).
  6. For iOS, enter your Bundle ID.
  7. Save and copy the generated Client ID.

Important: The Android/iOS Client ID must belong to the same Google Cloud project as your website's Web Client ID. This ensures both share the same authentication scope.

After Publishing to Google Play (Android)

When you publish your app to Google Play and enable Play App Signing, Google re-signs your app with their own key. This means the SHA-1 fingerprint changes from the one in your Appilix dashboard, and Google Sign-In will stop working for users who installed from the Play Store.

Getting the SHA-1 from Play Console

  1. Open Google Play Console and select your app.
  2. In the left sidebar, click Protected with Play.
  3. Under Play Store protection, expand the section and click Manage Play app signing.
  4. On the App signing page, find the App signing key certificate section.
  5. Copy the SHA-1 certificate fingerprint.

Once you have the SHA-1, open your existing Android OAuth Client ID in Google Cloud Console and replace the SHA-1 fingerprint with the one from Play Console, then save.

Note: After replacing, Google Sign-In will work for Play Store installs but will no longer work for direct APK installs, since the SHA-1 no longer matches the Appilix keystore. This is expected — your published app on the Play Store is what matters at this stage. If you ever need to test using a direct APK again, simply update the SHA-1 back to the one shown in your Appilix dashboard.

Web App Client ID (Optional)

Your website's Web OAuth Client ID, used for backend token validation. In most cases, the app can detect this automatically and this field can be left blank.

  • Maximum length: 200 characters

Only fill this in if your backend explicitly requires a specific Web Client ID for token verification, or if auto-detection fails.

Redirect URI (Optional)

The redirect URI your website uses to receive OAuth tokens after authentication. Leave blank unless auto-detection fails.

  • Maximum length: 700 characters
  • Must match the URI configured in Google Cloud Console

Scopes (Optional)

The Google account permissions your website requests. Leave blank to use the defaults.

  • Example: email profile openid
  • Maximum length: 200 characters

Triggering Sign-In from JavaScript

If your website cannot complete the Google Sign-In flow automatically inside the app — for example, if you use a custom auth library, a single-page app, or a platform with a managed OAuth flow — you can trigger native Google Sign-In directly from your website JavaScript using the JS Bridge.

See Google Sign-In JS Bridge for the full reference and examples.

Compatibility Note

For most websites, Google Sign-In works immediately after the Client IDs are configured. Some websites handle the Google login callback in custom ways that may need a small adjustment in how the app processes the token.

If sign-in does not work after setup, contact the Appilix support team. They can review your website's authentication flow and adjust the app configuration without needing access to your website code.

Sites That Use a Managed Google Sign-In Flow (Lovable, Bolt, etc.)

AI-built site platforms like Lovable, Bolt, and similar tools often implement Google Sign-In using a managed OAuth flow with PKCE (code_challenge / code_verifier). This is a platform-level integration that runs entirely inside their infrastructure — your app never gets access to the user's token or profile data, so Appilix's native Google Sign-In cannot intercept or complete the flow.

Symptoms:

  • The Google account picker opens but sign-in never completes inside the app.
  • The user is redirected to a platform-owned callback URL instead of your site's own route.

Fix: Switch to a Manual OAuth Redirect Flow

You need to replace the platform's managed sign-in with your own OAuth 2.0 credentials using a standard redirect flow (no PKCE). Use your site's AI assistant or developer to apply a prompt like the one below.

Before using this prompt, go to Google Cloud Console → APIs & Services → Credentials and open your Web application OAuth 2.0 Client ID to copy your Client ID and Client Secret.

---

Prompt to give your AI assistant (e.g. Lovable, Bolt):

Implement Google Sign-In using my own OAuth 2.0 credentials with a manual redirect flow (no PKCE/code_challenge).

1. When the Google Sign-In button is clicked, redirect the browser to:
   https://accounts.google.com/o/oauth2/v2/auth?response_type=code&access_type=online&client_id=<MY_CLIENT_ID>&redirect_uri=<REDIRECT_URL>&scope=email%20profile&prompt=select_account

2. Create a callback route (e.g., /auth/callback) that reads the ?code query parameter.

3. From that callback, call a server function that exchanges the authorization code for an access token using client_id, client_secret, redirect_uri, and grant_type=authorization_code via https://oauth2.googleapis.com/token.

4. Use the access token to fetch the user's profile from https://www.googleapis.com/oauth2/v3/userinfo.

5. Store the profile (name, email, picture) client-side and process other user activities. Provide a Sign Out button that clears the session.

My credentials:
- Client ID: (paste your Web application Client ID here)
- Client Secret: (paste your Web application Client Secret here)

After implementation, tell me the exact redirect_uri I need to add to my Google Cloud Console Authorized redirect URIs.

---

After the AI implements this, it will give you a redirect URI (something like https://yoursite.com/auth/callback). Add that URI to your Google Cloud Console:

  1. Go to APIs & Services → Credentials → open your Web application OAuth Client ID.
  2. Under Authorized redirect URIs, click Add URI and paste the callback URL.
  3. Click Save.

Once this is done, test sign-in on your live site in a browser first, then configure the Appilix Google Sign-In module as normal.
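
Steps 1 to 3 of the redirect flow in the prompt above, as an added example that is not Appilix or platform code. The client ID, site URL and function names are constructed, and the `state` parameter is an addition the prompt's URL does not include: it ties the callback to the browser session that started the sign-in.

```javascript
// Added example: all identifiers and sample values here are constructed.
const GOOGLE_AUTH = "https://accounts.google.com/o/oauth2/v2/auth";
const GOOGLE_TOKEN = "https://oauth2.googleapis.com/token";
// Web Crypto is global in browsers and current Node; older Node needs the fallback.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Step 1: authorization URL with the prompt's parameters, plus a random `state`
// (assumption: the server stores it in the user's session before redirecting).
function buildAuthRequest(clientId, redirectUri) {
  const bytes = webCrypto.getRandomValues(new Uint8Array(16));
  const state = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
  const url = new URL(GOOGLE_AUTH);
  url.search = new URLSearchParams({
    response_type: "code",
    access_type: "online",
    client_id: clientId,
    redirect_uri: redirectUri, // must equal an Authorized redirect URI exactly
    scope: "email profile",
    prompt: "select_account",
    state,
  }).toString();
  return { url: url.toString(), state };
}

// Step 2: callback route. Reject provider errors and any callback whose
// `state` does not match the session before using the ?code value.
function readCallback(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  if (q.get("error")) return { ok: false, reason: "provider_error:" + q.get("error") };
  if (!expectedState || q.get("state") !== expectedState) return { ok: false, reason: "state_mismatch" };
  const code = q.get("code");
  if (!code) return { ok: false, reason: "missing_code" };
  return { ok: true, code };
}

// Step 3: form body for the token endpoint. Built in the server function only,
// so client_secret is never shipped to the browser or the app's WebView.
function buildTokenRequest(code, clientId, clientSecret, redirectUri) {
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code,
    client_id: clientId,
    client_secret: clientSecret,
    redirect_uri: redirectUri, // same value that was sent in step 1
  });
  return { endpoint: GOOGLE_TOKEN, body: body.toString() };
}
```

The server function POSTs `body` to `endpoint` with `Content-Type: application/x-www-form-urlencoded`, then continues with step 4 of the prompt.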