google as identity provider and oauth

Question

Apologies upfront. Fairly confused about Google's identity provider platform. Hopefully I can ask this question in an intelligible way.

Here goes: I'm looking to setup this "platform" as a identity provider where the credentials (email and password), identity verification, 2nd factor login, etc are all managed within google. Then of course use this accross multiple apps for a single login.

What identity provider is this? Is it the "email / password" provider? If so, how is that used in the applications? All I see is google specific api calls for login, etc. I need the aforementioned management but with oauth/oidc workflow in the clients.

How is this possible?

Answer 1

When you perform authentication with Identity Platform, there are three kinds of auth tokens you might encounter:

Identity Platform ID tokens
Created by Identity Platform when a user signs in to an app. These tokens are signed JWTs that securely identify a user in a Google Cloud project

Identity Provider tokens
Created by federated identity providers, such as Google and Facebook. These tokens can have different formats, but are often OAuth 2.0 access tokens.

Identity Platform custom tokens Created by your custom auth system to allow users to sign in to an app using your auth system. Custom tokens are JWTs signed using a service account's private key.

You may refer on below links for more info/concepts and how to guides on Identity Platform:
Identity Platform users in projects
Signing in users with OIDC
How-to Guides