Migrate from Google+ Sign-In

To migrate your app from Google+ Sign-In to Google Sign-In, you’ll need to update your sign in button, the scopes you request from the user and how to retrieve profile information from Google. Follow our Google Sign In for Android documentation for full instructions.

When updating your sign in button, do not refer to G+ or use the color red. Please conform to our updated branding guidelines.

Most Google+ Sign In applications requested some combination of the scopes: plus.login, plus.me and plus.profile.emails.read. By using GoogleSignInOptions.Builder with the DEFAULT_SIGN_IN option, you will automatically request the profile scope which provides the user’s name and profile picture. If you also want the user’s email address, you should call .requestEmail() when constructing Google sign-in options.

Many implementers of Google+ Sign In used the code flow. This means the Android, iOS or JavaScript apps obtain an OAuth authorization code from Google and send that code back to the server (with cross site request forgery protection). The server then validates the code and obtains refresh and access tokens to pull user profile information from the people.get API.

Google now recommends requesting an ID token and sending the ID token from your client to your server. ID tokens have cross site forgery protections built-in and also can be statically verified on your server, thus avoiding an extra API call to get user profile information from Google’s servers. Follow the instructions for validating ID tokens on your server.

If you would still prefer to use the code flow to obtain profile information, you may do so. Once your server has an access token, you will need to obtain user profile information from the userinfo endpoints specified in our Sign In Discovery document. The API response will be formatted differently than the Google+ profile response, so you will need to update your parsing to the new format.

If you are using GoogleAuthUtil.getToken or Plus.API, you should migrate to the newest Sign-In API for greater security and a better user experience.