Skip to content

Google One Tap: Use new Client IDs and secure token transmission #14438

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

Google One Tap: Use new Client IDs and secure token transmission #14438

wants to merge 3 commits into from

Conversation

AshCorr
Copy link
Member

@AshCorr AshCorr commented Aug 21, 2025
edited
Loading

What does this change?

  • Updates the Client IDs used by Google One Tap to new ones created specifically for Google One Tap

    We don't need to use the same client IDs as we use for Google Social Sign in, so we may aswell separate concerns a bit and have a client ID specifically for Google One Tap.

  • POST using a virtual form submission, rather than redirecting to Gateway with the token in the URL.

    The ID token contains personal information and could be used to login as that user. By using a POST request and putting the token in the form body we can avoid the token appearing in the URL which would likely get logged in quite a few places.

Screenshots

Screen.Recording.2025-08-22.at.09.59.40.mov

@AshCorr AshCorr force-pushed the ash/add-google-one-ta branch from 05ed9a6 to 0cdeceb Compare August 21, 2025 16:36
@AshCorr AshCorr changed the title Ash/add google one ta Google One Tap: Use new Client IDs and secure token transmission Aug 21, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 21, 2025
edited
Loading

Deploy build 44880 of Mobile::mobile-apps-rendering to CODE

All deployment options

From guardian/actions-riff-raff.

@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 21, 2025
edited
Loading

Deploy build 20644 of dotcom:rendering-all to CODE

All deployment options

From guardian/actions-riff-raff.

@AshCorr AshCorr marked this pull request as ready for review August 22, 2025 09:02
@AshCorr AshCorr force-pushed the ash/add-google-one-ta branch from 0cdeceb to 87c16a1 Compare August 22, 2025 09:03
@github-actions GitHub Actions
Copy link

Hello 👋! When you're ready to run Chromatic, please apply the run_chromatic label to this PR.

You will need to reapply the label each time you want to run Chromatic.

Click here to see the Chromatic project.

@AshCorr AshCorr added the run_chromatic Runs chromatic when label is applied label Aug 22, 2025
@github-actions github-actions bot removed the run_chromatic Runs chromatic when label is applied label Aug 22, 2025
@AshCorr AshCorr force-pushed the ash/add-google-one-ta branch from 87c16a1 to 83ea337 Compare August 27, 2025 13:16
@AshCorr AshCorr requested a review from a team as a code owner August 27, 2025 13:16
@AshCorr AshCorr marked this pull request as draft August 27, 2025 13:21
@AshCorr AshCorr force-pushed the ash/add-google-one-ta branch from 83ea337 to fb91feb Compare August 28, 2025 11:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dotcom-rendering
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@AshCorr