Due to complications with project provisioning, we need to switch to using the JS API for the time being – i.e. using the popup-based flow with JS callback for handling the credential.
Do not alter or remove anything below. The following sections will be managed by moderators only.
Update the call to google.accounts.id.initialize to only include the client_id and define the callback with a reference to a function which will handle the credential response
The callback function should make a POST request to the login endpoint, passing the response it receives as the post body
If the response from the login endpoint is ok and redirected, navigate to the url of the response
Conditionally call google.accounts.id.prompt() after initializing if one tap is enabled in the module settings
Remove the functionality which verifies the g_csrf_token which is only present in the redirect flow
tofumatt
commented
3 days ago
Feature Description
Due to complications with project provisioning, we need to switch to using the JS API for the time being – i.e. using the popup-based flow with JS callback for handling the credential.
Do not alter or remove anything below. The following sections will be managed by moderators only.
Acceptance criteria
popupUX mode instead ofredirect_See also Handle credential response_Implementation Brief
google.accounts.id.initializeto only include theclient_idand define thecallbackwith a reference to a function which will handle the credential responsecallbackfunction should make a POST request to the login endpoint, passing theresponseit receives as the post bodyokandredirected, navigate to theurlof the responsegoogle.accounts.id.prompt()after initializing if one tap is enabled in the module settingsg_csrf_tokenwhich is only present in theredirectflowSee POC PR https://github.com/google/site-kit-wp/pull/9683
Test Coverage
g_csrf_tokenQA Brief
Changelog entry