Web Authentication API
Stay organized with collections
Save and categorize content based on your preferences.
Integrators must implement a web host to redirect the users for authentication
purposes. This authentication is a different modality, but the
same purpose as the authentication provided by the Android authentication.
This web host must have a mobile friendly web site.
The web host must determine mobile web requests vs desktop web requests based on
the user-agent header value. The page delivered on mobile web requests must be
mobile web friendly on Android and iOS. Beside the user-agent header value, the
client will provide you no other hint as to the environment where this user is
making the request (desktop or web).
The server must implement an HTTPS protocol using GET. The path and host are
definable by the integrator. The integrator must support URL lengths of 2,048
chars. This includes the scheme, host, port, path and parameters.
All parameters will be UTF-8 encoded prior to being URL-encoded.
Request
Upon request, Google provides the following as URL parameters:
| Fields |
|---|
gspMajorVersion
|
int
Major version number for this request.
|
gspAuthenticationRequest
|
AuthenticationRequest
Authentication request.
|
gspAssociationId
|
string
If present, this contains an identifier that the integrator uses to look
up credentials for the user that is challenged. If this is not present,
the user has the option to change the account identification.
|
gspCallbackUrl
|
string
URL to redirect the user to in order to finish the authentication flow on
Google. This value is url encoded.
|
Response
Upon completion of the authentication, the user must be redirected to the
gspCallbackUrl using HTTPS GET. This URL must have the following query
parameters:
| Fields |
gspResult
|
int
100
|
Authentication was successful.
|
201
|
User canceled the flow manually and the flow should be aborted.
|
202
|
Authentication failed for a fatal reason and the flow should be
aborted.
|
|
gspAuthenticationResponse
|
AuthenticationResponse
Authentication response.
|
All rights reserved. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-09-03 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-09-03 UTC."],[[["Integrators must implement a mobile-friendly web host to redirect users for authentication, similar to Android authentication but utilizing a web-based approach."],["The web host should distinguish between mobile and desktop requests using the user-agent header and deliver a mobile-friendly experience for both Android and iOS."],["The server must use HTTPS GET with a definable path and host, supporting URLs up to 2,048 characters, including parameters encoded in UTF-8 before URL encoding."],["Google provides URL parameters for the request including version, authentication request, association ID (for credential lookup), and a callback URL for redirection after authentication."],["Upon authentication completion, the user is redirected to the provided callback URL with parameters indicating the result (success, cancellation, or failure) and an authentication response."]]],["Integrators must host a mobile-friendly website for user authentication, distinguishing between mobile and desktop requests via the user-agent header. The server must utilize HTTPS GET, with a definable path and host, supporting URLs up to 2,048 characters. Google provides parameters like `gspMajorVersion`, `gspAuthenticationRequest`, `gspAssociationId`, and `gspCallbackUrl` within the request. Upon authentication completion, the user is redirected to `gspCallbackUrl` via HTTPS GET, including `gspResult` and `gspAuthenticationResponse` parameters. All parameters are UTF-8 and URL-encoded.\n"]]