Reputation: 643
I have a website providing functionality for Google Sign-In. There is server-side authentication taking place after getting the idToken on the client side.
Now I am making an app (in Flutter) for the same website. In the Google API console, I have to create new credentials under the same project, and that generates a new client ID.
I read about cross-client identity (link: https://developers.google.com/identity/protocols/oauth2/cross-client-identity). I want to know how I can implement this so that a user is asked for approval only once.
Do I really need two client IDs?
Upvotes: 0
Views: 1096
Reputation: 2271
This will work even if the web app and mobile (Flutter) app do not have the same client ID. This is stated in the documentation here:
"Google considers that when a user has granted access to a particular scope to any client ID in a project, the grant indicates the user's trust in the whole application [i.e., all clients in the project] for that scope."
You should make a project that contains multiple clients. Your Web app will be one and the Flutter app will be another. These will end up with different client IDs, but that's OK. Later, when the user authorizes (consents to) a scope from the Web app, they will still authenticate in the Flutter app but not have to reauthorize this second client to use the same scope. The reverse is also the case -- if the user authorizes a scope in the Flutter app first, they will later have to authenticate in the Web app, but they won't have to consent to the scope.
Upvotes: 1
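With two client IDs in one project, the backend that already verifies the web idToken also has to decide which `aud` and `azp` values it accepts. The sketch below is an added example, not part of either post and not Google's code; it assumes the token's signature has already been verified by a JWT library against Google's published keys, and the client IDs and the `check_google_claims` name are placeholders.

```python
import time

# Placeholder client IDs (constructed); use the ones from your own project.
WEB_CLIENT_ID = "1234-web.apps.googleusercontent.com"
FLUTTER_CLIENT_ID = "1234-flutter.apps.googleusercontent.com"
ALLOWED_CLIENT_IDS = frozenset({WEB_CLIENT_ID, FLUTTER_CLIENT_ID})
GOOGLE_ISSUERS = frozenset({"accounts.google.com", "https://accounts.google.com"})


class ClaimError(ValueError):
    """Raised when verified token claims are not acceptable for this backend."""


def check_google_claims(claims, allowed=ALLOWED_CLIENT_IDS, now=None):
    """Validate claims from an ID token whose signature is already verified.

    Returns the stable Google user id (sub) so both clients map to one account.
    """
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ClaimError("unexpected issuer")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ClaimError("token expired or missing exp")
    # aud must be a single string naming one of this project's clients.
    aud = claims.get("aud")
    if not isinstance(aud, str) or aud not in allowed:
        raise ClaimError("audience is not one of this project's client IDs")
    # azp names the client that requested the token; when present it must
    # also belong to the project (e.g. the mobile app asking for a web audience).
    azp = claims.get("azp")
    if azp is not None and azp not in allowed:
        raise ClaimError("authorized party is not one of this project's client IDs")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise ClaimError("missing subject")
    return sub


# Constructed sample claims: Flutter app requesting a token for the web backend.
SAMPLE = {"iss": "https://accounts.google.com", "aud": WEB_CLIENT_ID,
          "azp": FLUTTER_CLIENT_ID, "sub": "1100000000000000001",
          "exp": 2_000_000_000}

if __name__ == "__main__":
    print(check_google_claims(SAMPLE, now=1_700_000_000))
```

Keying accounts on `sub` rather than on the client ID is what lets a user who signed in on the website be recognised as the same account in the Flutter app.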