Skip to main content

Google Sign-In + Drive

Google is used for two things: signing in with a Google account, and storing the backup encryption key in Google Drive.

Part 1: Google Sign-In

1.1 Create a Google Cloud project

  1. Go to the Google Cloud Console.
  2. Create a new project (or select an existing one).
  3. Go to APIs & ServicesOAuth consent screen:
    • Choose External user type.
    • Fill in the app name, support email, and developer contact.
    • Add the scope https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.profile.
    • Save and continue.

1.2 Create OAuth 2.0 credentials

You need two credential sets: one for web (used by Auth0 and as a reference) and one for iOS.

Web client (used for Google Drive access token requests):

  1. Go to APIs & ServicesCredentialsCreate CredentialsOAuth 2.0 Client ID.
  2. Choose Web application.
  3. Note the Client ID — this is EXPO_PUBLIC_WEB_CLIENT_ID.

iOS client:

  1. Create another OAuth 2.0 Client ID.
  2. Choose iOS.
  3. Enter your app's bundle identifier.
  4. Note the Client ID — this is EXPO_PUBLIC_IOS_CLIENT_ID.
  5. The iOS URL scheme is the reversed client ID (e.g. if your client ID is 123-abc.apps.googleusercontent.com, the URL scheme is com.googleusercontent.apps.123-abc).

1.3 Add values to .env

EXPO_PUBLIC_WEB_CLIENT_ID=your_web_client_id.apps.googleusercontent.com
EXPO_PUBLIC_IOS_CLIENT_ID=your_ios_client_id.apps.googleusercontent.com
EXPO_PUBLIC_IOS_URL_SCHEME=com.googleusercontent.apps.your_ios_client_id

Part 2: Google Drive API

The boilerplate saves the backup encryption key as a file in the user's Google Drive. During backup, the app requests a Drive access token using the Google Sign-In SDK.

2.1 Enable the Google Drive API

  1. In the same Google Cloud project, go to APIs & ServicesLibrary.
  2. Search for Google Drive API and click Enable.

2.2 Add the Drive scope

The app requests the https://www.googleapis.com/auth/drive scope when the user initiates a backup. No additional configuration is required — the scope is requested at runtime.

The Drive access token is requested on-demand during the backup flow using requestGoogleDriveAccessToken(). Users will see a Google consent screen asking for Drive access the first time they back up.