Setup - Configure Google Sign-In for App Login (All Platforms)

Step 9: Configure Google Sign-In for App Login

To enable Google Sign-In for user authentication in the AeroKites Edu app across all platforms (Android, iOS, and web), you need to configure the Google Client ID in Firebase and update your Flutter project accordingly.

A. Enable Google Sign-In in Firebase

Follow these steps to enable Google Sign-In in Firebase:

  1. Go to the Firebase Console and navigate to Authentication.
  2. Click on the Sign-in method tab.
  3. Enable Google Sign-In and save the settings.
[Image: Enable Google Sign-In]

B. Get the Web Client ID

After enabling Google Sign-In, retrieve the Web Client ID:

  1. Click the edit icon next to Google Sign-In in Firebase Authentication.
  2. Copy the Web Client ID displayed under Web SDK Configuration.
[Image: Google Web Client ID]

C. Update Your Flutter Project

Update the login_controller.dart file in your project to use the Web Client ID for Google Sign-In across all platforms.

Navigate to:

lib/modules/auth/login_controller.dart

Find the following line and replace YOUR_GOOGLE_CLIENT_ID with the Web Client ID from Firebase:

final GoogleSignIn googleSignIn = GoogleSignIn(
  clientId: "YOUR_GOOGLE_CLIENT_ID",
);

[Image: Google Client ID in Code]

D. Save and Run the App

Once the configuration is updated, save the file and restart your Flutter project to apply the changes:

flutter run

E. Verify OAuth Consent Screen for Google Sign-In

📢 Important Note:

Google Sign-In requires the OAuth consent screen to be verified for production use with external users. If you encounter a 403 PERMISSION_DENIED error related to the People API, follow these steps:

  1. Go to the Google Cloud Console.
  2. Select your project and navigate to APIs & Services > OAuth consent screen.
  3. Ensure your app is set to Production mode (not Testing) and submit the consent screen for verification.
  4. Provide a privacy policy in a basic web format (e.g., HTML) accessible via a URL, as required by Google. Update the OAuth consent screen with this URL and resubmit for verification.
  5. Follow Google's instructions to complete the verification process, which may take a few days to weeks. Reply to any emails from Google requesting additional information to proceed with the verification.

The image below shows the OAuth consent screen verification status in the Google Cloud Console:

[Image: OAuth Consent Screen Verification Status]

For more details, refer to Google's OAuth Consent Screen Verification Guide.

F. Verify App Ownership for Android (Optional)

📢 Note for Android Users:

To ensure Google Sign-In works seamlessly on Android, you may need to verify app ownership in the Google Cloud Console. This step is optional but recommended for production apps:

  1. Go to the Google Cloud Console.
  2. Select your project and navigate to APIs & Services > OAuth consent screen > Project Checklist.
  3. Under "App security," check for a warning about verifying app ownership for the Android client.
  4. Publish your app on the Google Play Store.
  5. Once published, return to the Project Checklist and click Verify Ownership to complete the verification process.

Note: If your app is not yet published on the Google Play Store, the verification option may not be available. Complete the publishing process to proceed with this step.

For more details, refer to Google's App Verification Guide.

G. Understand the Authentication Flow

📢 Authentication Flow Overview:

AeroKites Edu uses Firebase Authentication for secure login, supporting email/password and Google Sign-In ("Continue with Google"). The app is designed to allow only parents and staff to log in using "Continue with Google" for their initial login. Here's how it works:

  • No Self-Registration: Public users cannot self-register. User accounts are created by the admin based on admission details provided by parents to the school.
  • Initial Login: When a student is added, the app creates a Firebase record with the parent's email and sends a welcome email. The parent must log in for the first time using "Continue with Google."
  • Account Linking: After the initial Google Sign-In, the app updates the parent record in the Firestore parents collection with the actual Firebase UID.
  • Subsequent Logins: Parents can reset their password using the reset password link on the login page, allowing easier logins with email/password in the future.

This approach ensures controlled access, enhances security, and aligns with industry standards for privacy and data protection by preventing unauthorized access and ensuring only verified users can log in.
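
The checks implied by the flow above (no self-registration, Google-only first login, one-time account linking) can be written as a single decision function. This is an added example, not code from the AeroKites Edu project: the parents-document fields email, uid and linked are assumed names, the sample data is constructed, and the claim names are those of a decoded Firebase ID token.

```javascript
// Decide whether a first Google sign-in may be linked to a parent record
// that the admin created in advance.
// Assumed document shape (hypothetical): { email, uid, linked }.
function decideLink(parentDoc, claims) {
  // No pre-provisioned record for this user: no self-registration.
  if (!parentDoc) return { link: false, reason: "not-provisioned" };

  // The initial login must come through "Continue with Google".
  const provider = claims.firebase && claims.firebase.sign_in_provider;
  if (provider !== "google.com") return { link: false, reason: "wrong-provider" };

  // Only trust an email address the identity provider has verified.
  if (claims.email_verified !== true) {
    return { link: false, reason: "email-unverified" };
  }

  // The signed-in email must match the email the admin recorded.
  const norm = (s) => String(s || "").trim().toLowerCase();
  if (norm(claims.email) === "" || norm(claims.email) !== norm(parentDoc.email)) {
    return { link: false, reason: "email-mismatch" };
  }

  // A record that is already linked is never overwritten with a new UID.
  if (parentDoc.linked) {
    const same = parentDoc.uid === claims.uid;
    return { link: false, reason: same ? "already-linked" : "linked-to-other-uid" };
  }

  // All checks passed: write the actual Firebase UID into the record.
  return { link: true, reason: "ok", update: { uid: claims.uid, linked: true } };
}

// Constructed sample data (not from a real project).
const provisioned = { email: "Parent@Example.com", uid: null, linked: false };
const googleClaims = {
  uid: "uid-123",
  email: "parent@example.com",
  email_verified: true,
  firebase: { sign_in_provider: "google.com" },
};

console.log(decideLink(provisioned, googleClaims));
console.log(decideLink(provisioned, { ...googleClaims, email_verified: false }));
console.log(decideLink({ ...provisioned, uid: "uid-999", linked: true }, googleClaims));
console.log(decideLink(null, googleClaims));
```

Running the same checks where the client cannot bypass them (a server-side function or the database's access rules) keeps a modified client from linking its own UID to another parent's record.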