Google Sign-In
The Google Sign-In module enables native Google authentication inside your app. Instead of filling out a login form, users tap a button and the app uses their device's saved Google account — no password required. This works by connecting to your website's existing Google Sign-In integration.
How It Works
When a user taps a Google Sign-In button inside the app, the native Google authentication flow opens. After the user selects their account, the app passes the authentication token back to your website — following the same flow your website already handles in a browser. No changes to your backend are required in most cases.
Android / iOS Client ID
The OAuth 2.0 Client ID for your Android or iOS app, created in Google Cloud Console.
Steps to create it:
- Go to Google Cloud Console and open the same project where your website's Google Sign-In is configured.
- Navigate to APIs & Services → Credentials.
- Click Create Credentials → OAuth Client ID.
- Choose Android or iOS as the application type.
- For Android, enter your package name and SHA-1 fingerprint (shown in your Appilix dashboard).
- For iOS, enter your Bundle ID.
- Save and copy the generated Client ID.
After Publishing to Google Play (Android)
When you publish your app to Google Play and enable Play App Signing, Google re-signs your app with their own key. This means the SHA-1 fingerprint changes from the one in your Appilix dashboard, and Google Sign-In will stop working for users who installed from the Play Store.
Getting the SHA-1 from Play Console
- Open Google Play Console and select your app.
- In the left sidebar, click Protected with Play.
- Under Play Store protection, expand the section and click Manage Play app signing.
- On the App signing page, find the App signing key certificate section.
- Copy the SHA-1 certificate fingerprint.
Once you have the SHA-1, open your existing Android OAuth Client ID in Google Cloud Console and replace the SHA-1 fingerprint with the one from Play Console, then save.
Web App Client ID (Optional)
Your website's Web OAuth Client ID, used for backend token validation. In most cases, the app can detect this automatically and this field can be left blank.
- Maximum length: 200 characters
Only fill this in if your backend explicitly requires a specific Web Client ID for token verification, or if auto-detection fails.
Redirect URI (Optional)
The redirect URI your website uses to receive OAuth tokens after authentication. Leave blank unless auto-detection fails.
- Maximum length: 700 characters
- Must match the URI configured in Google Cloud Console
Scopes (Optional)
The Google account permissions your website requests. Leave blank to use the defaults.
- Example: email profile openid
- Maximum length: 200 characters
Triggering Sign-In from JavaScript
If your website cannot complete the Google Sign-In flow automatically inside the app — for example, if you use a custom auth library, a single-page app, or a platform with a managed OAuth flow — you can trigger native Google Sign-In directly from your website JavaScript using the JS Bridge.
See Google Sign-In JS Bridge for the full reference and examples.
Compatibility Note
For most websites, Google Sign-In works immediately after the Client IDs are configured. Some websites handle the Google login callback in custom ways that may need a small adjustment in how the app processes the token.
If sign-in does not work after setup, contact the Appilix support team. They can review your website's authentication flow and adjust the app configuration without needing access to your website code.
Sites That Use a Managed Google Sign-In Flow (Lovable, Bolt, etc.)
AI-built site platforms like Lovable, Bolt, and similar tools often implement Google Sign-In using a managed OAuth flow with PKCE (code_challenge / code_verifier). This is a platform-level integration that runs entirely inside their infrastructure — your app never gets access to the user's token or profile data, so Appilix's native Google Sign-In cannot intercept or complete the flow.
Symptoms:
- The Google account picker opens but sign-in never completes inside the app.
- The user is redirected to a platform-owned callback URL instead of your site's own route.
Fix: Switch to a Manual OAuth Redirect Flow
You need to replace the platform's managed sign-in with your own OAuth 2.0 credentials using a standard redirect flow (no PKCE). Use your site's AI assistant or developer to apply a prompt like the one below.
---
Prompt to give your AI assistant (e.g. Lovable, Bolt):
Implement Google Sign-In using my own OAuth 2.0 credentials with a manual redirect flow (no PKCE/code_challenge).
1. When the Google Sign-In button is clicked, redirect the browser to:
https://accounts.google.com/o/oauth2/v2/auth?response_type=code&access_type=online&client_id=<MY_CLIENT_ID>&redirect_uri=<REDIRECT_URL>&scope=email%20profile&prompt=select_account
2. Create a callback route (e.g., /auth/callback) that reads the ?code query parameter.
3. From that callback, call a server function that exchanges the authorization code for an access token using client_id, client_secret, redirect_uri, and grant_type=authorization_code via https://oauth2.googleapis.com/token.
4. Use the access token to fetch the user's profile from https://www.googleapis.com/oauth2/v3/userinfo.
5. Store the profile (name, email, picture) client-side and process other user activities. Provide a Sign Out button that clears the session.
My credentials:
- Client ID: (paste your Web application Client ID here)
- Client Secret: (paste your Web application Client Secret here)
After implementation, tell me the exact redirect_uri I need to add to my Google Cloud Console Authorized redirect URIs.
---
After the AI implements this, it will give you a redirect URI (something like https://yoursite.com/auth/callback). Add that URI to your Google Cloud Console:
- Go to APIs & Services → Credentials → open your Web application OAuth Client ID.
- Under Authorized redirect URIs, click Add URI and paste the callback URL.
- Click Save.
Once this is done, test sign-in on your live site in a browser first, then configure the Appilix Google Sign-In module as normal.
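Steps 1 to 3 of the prompt above, written out as server-side Node.js helpers. This is an added example, not Appilix's or any platform's code: the function names are hypothetical, and the `state` parameter is a standard OAuth 2.0 value that the prompt does not include, added here so the callback only accepts a code that belongs to a login this session started.

```javascript
// Added example: server-side helpers for the manual redirect flow (Node.js).
const { randomBytes, timingSafeEqual } = require('node:crypto');

const AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth';
const TOKEN_ENDPOINT = 'https://oauth2.googleapis.com/token';

// Step 1: build the redirect URL. `state` is not in the prompt above; it is the
// standard OAuth 2.0 parameter that ties the callback to this browser session.
function buildAuthRequest(clientId, redirectUri) {
  const state = randomBytes(32).toString('base64url');
  const url = new URL(AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    response_type: 'code',
    access_type: 'online',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: 'email profile',
    prompt: 'select_account',
    state,
  }).toString();
  return { url: url.toString(), state }; // keep `state` in the server-side session
}

// Step 2: read ?code from the callback, but only after `state` matches.
function readCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has('error')) throw new Error('authorization failed: ' + params.get('error'));
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState || '');
  if (want.length === 0 || got.length !== want.length || !timingSafeEqual(got, want)) {
    throw new Error('state mismatch');
  }
  const code = params.get('code');
  if (!code) throw new Error('missing code');
  return code;
}

// Step 3: form body for the POST to the token endpoint. Server only: it carries the secret.
function buildTokenRequest(code, clientId, clientSecret, redirectUri) {
  return {
    endpoint: TOKEN_ENDPOINT,
    body: new URLSearchParams({
      grant_type: 'authorization_code',
      code, client_id: clientId, client_secret: clientSecret, redirect_uri: redirectUri,
    }).toString(),
  };
}
```

Store the returned `state` in the user's server-side session before redirecting, and pass that stored value to `readCallback` when the callback route runs.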