Gathering detailed insights and metrics for @react-native-community/google-signin
Gathering detailed insights and metrics for @react-native-community/google-signin
Google Sign-in for your React Native applications
Installations
npm install @react-native-community/google-signinDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
14.8.0
NPM Version
6.14.7
Releases
78
Languages
8
TypeScript
Java
Objective-C++
JavaScript
Ruby
Kotlin
Objective-C
Swift
TypeScript (36.64%)
Java (36.1%)
Objective-C++ (17.21%)
JavaScript (4.66%)
Ruby (2.3%)
Kotlin (1.85%)
Objective-C (0.92%)
Swift (0.33%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
3,400 Stars
596 Commits
893 Forks
46 Watchers
2 Branches
104 Contributors
Updated on Jul 15, 2025
Maintainers
40
Package Meta Information
Latest Version
5.0.0
Package Id
@react-native-community/google-signin@5.0.0
Unpacked Size
150.76 kB
Size
79.42 kB
File Count
40
NPM Version
6.14.7
Node Version
14.8.0
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Features
- Support all 3 types of authentication methods (standard, with server-side validation or with offline access (aka server side access))
- Promise-based API consistent between Android and iOS
- Typings for TypeScript and Flow
- Native signin buttons
Project setup and initialization
For RN >= 0.60 please use version 3 installed from @react-native-community/google-signin
yarn add @react-native-community/google-signin
For RN <= 0.59 use version 2 installed from react-native-google-signin
yarn add react-native-google-signin
Then follow the Android guide and iOS guide
Public API
1. GoogleSignin
1import { 2 GoogleSignin, 3 GoogleSigninButton, 4 statusCodes, 5} from '@react-native-community/google-signin';
configure(options)
It is mandatory to call this method before attempting to call signIn() and signInSilently(). This method is sync meaning you can call signIn / signInSilently right after it. In typical scenarios, configure needs to be called only once, after your app starts. In the native layer, this is a synchronous call.
Example usage with for default options: you get user email and basic profile info.
1import { GoogleSignin } from '@react-native-community/google-signin'; 2 3GoogleSignin.configure();
Example to access Google Drive both from the mobile application and from the backend server
1GoogleSignin.configure({ 2 scopes: ['https://www.googleapis.com/auth/drive.readonly'], // what API you want to access on behalf of the user, default is email and profile 3 webClientId: '<FROM DEVELOPER CONSOLE>', // client ID of type WEB for your server (needed to verify user ID and offline access) 4 offlineAccess: true, // if you want to access Google API on behalf of the user FROM YOUR SERVER 5 hostedDomain: '', // specifies a hosted domain restriction 6 loginHint: '', // [iOS] The user's ID, or email address, to be prefilled in the authentication UI if possible. [See docs here](https://developers.google.com/identity/sign-in/ios/api/interface_g_i_d_sign_in.html#a0a68c7504c31ab0b728432565f6e33fd) 7 forceCodeForRefreshToken: true, // [Android] related to `serverAuthCode`, read the docs link below *. 8 accountName: '', // [Android] specifies an account name on the device that should be used 9 iosClientId: '<FROM DEVELOPER CONSOLE>', // [iOS] optional, if you want to specify the client ID of type iOS (otherwise, it is taken from GoogleService-Info.plist) 10});
* forceCodeForRefreshToken docs
signIn()
Prompts a modal to let the user sign in into your application. Resolved promise returns an userInfo object. Rejects with error otherwise.
1// import statusCodes along with GoogleSignin 2import { GoogleSignin, statusCodes } from '@react-native-community/google-signin'; 3 4// Somewhere in your code 5signIn = async () => { 6 try { 7 await GoogleSignin.hasPlayServices(); 8 const userInfo = await GoogleSignin.signIn(); 9 this.setState({ userInfo }); 10 } catch (error) { 11 if (error.code === statusCodes.SIGN_IN_CANCELLED) { 12 // user cancelled the login flow 13 } else if (error.code === statusCodes.IN_PROGRESS) { 14 // operation (e.g. sign in) is in progress already 15 } else if (error.code === statusCodes.PLAY_SERVICES_NOT_AVAILABLE) { 16 // play services not available or outdated 17 } else { 18 // some other error happened 19 } 20 } 21};
signInSilently()
May be called eg. in the componentDidMount of your main component. This method returns the current user and rejects with an error otherwise.
To see how to handle errors read signIn() method
1getCurrentUserInfo = async () => { 2 try { 3 const userInfo = await GoogleSignin.signInSilently(); 4 this.setState({ userInfo }); 5 } catch (error) { 6 if (error.code === statusCodes.SIGN_IN_REQUIRED) { 7 // user has not signed in yet 8 } else { 9 // some other error 10 } 11 } 12};
isSignedIn()
This method may be used to find out whether some user is currently signed in. It returns a promise which resolves with a boolean value (it never rejects). In the native layer, this is a synchronous call. This means that it will resolve even when the device is offline. Note that it may happen that isSignedIn() resolves to true and calling signInSilently() rejects with an error (eg. due to a network issue).
1isSignedIn = async () => { 2 const isSignedIn = await GoogleSignin.isSignedIn(); 3 this.setState({ isLoginScreenPresented: !isSignedIn }); 4};
getCurrentUser()
This method resolves with null or userInfo object. The call never rejects and in the native layer, this is a synchronous call. Note that on Android, accessToken is always null in the response.
1getCurrentUser = async () => { 2 const currentUser = await GoogleSignin.getCurrentUser(); 3 this.setState({ currentUser }); 4};
clearCachedAccessToken(accessTokenString)
This method only has an effect on Android. You may run into a 401 Unauthorized error when a token is invalid. Call this method to remove the token from local cache and then call getTokens() to get fresh tokens. Calling this method on iOS does nothing and always resolves. This is because on iOS, getTokens() always returns valid tokens, refreshing them first if they have expired or are about to expire (see docs).
getTokens()
Resolves with an object containing { idToken: string, accessToken: string, } or rejects with an error. Note that using accessToken is discouraged.
signOut()
Removes user session from the device.
1signOut = async () => { 2 try { 3 await GoogleSignin.revokeAccess(); 4 await GoogleSignin.signOut(); 5 this.setState({ user: null }); // Remember to remove the user from your app's state as well 6 } catch (error) { 7 console.error(error); 8 } 9};
revokeAccess()
Removes your application from the user authorized applications.
1revokeAccess = async () => { 2 try { 3 await GoogleSignin.revokeAccess(); 4 console.log('deleted'); 5 } catch (error) { 6 console.error(error); 7 } 8};
hasPlayServices(options)
Checks if device has Google Play Services installed. Always resolves to true on iOS.
Presence of up-to-date Google Play Services is required to show the sign in modal, but it is not required to perform calls to configure and signInSilently. Therefore, we recommend to call hasPlayServices directly before signIn.
1try { 2 await GoogleSignin.hasPlayServices({ showPlayServicesUpdateDialog: true }); 3 // google services are available 4} catch (err) { 5 console.error('play services are not available'); 6}
hasPlayServices accepts one parameter, an object which contains a single key: showPlayServicesUpdateDialog (defaults to true). When showPlayServicesUpdateDialog is set to true the library will prompt the user to take action to solve the issue, as seen in the figure below.
You may also use this call at any time to find out if Google Play Services are available and react to the result as necessary.
statusCodes
These are useful when determining which kind of error has occured during sign in process. Import statusCodes along with GoogleSignIn. Under the hood these constants are derived from native GoogleSignIn error codes and are platform specific. Always prefer to compare error.code to statusCodes.SIGN_IN_CANCELLED or statusCodes.IN_PROGRESS and not relying on raw value of the error.code.
| Name | Description |
|---|---|
SIGN_IN_CANCELLED | When user cancels the sign in flow |
IN_PROGRESS | Trying to invoke another operation (eg. signInSilently) when previous one has not yet finished. If you call eg. signInSilently twice, 2 calls to signInSilently in the native module will be done. The promise from the first call to signInSilently will be rejected with this error, and the second will resolve / reject with the result of the native module. |
SIGN_IN_REQUIRED | Useful for use with signInSilently() - no user has signed in yet |
PLAY_SERVICES_NOT_AVAILABLE | Play services are not available or outdated, this can only happen on Android |
Example how to use statusCodes.
2. GoogleSigninButton
1import { GoogleSignin, GoogleSigninButton } from '@react-native-community/google-signin'; 2 3render() { 4 <GoogleSigninButton 5 style={{ width: 192, height: 48 }} 6 size={GoogleSigninButton.Size.Wide} 7 color={GoogleSigninButton.Color.Dark} 8 onPress={this._signIn} 9 disabled={this.state.isSigninInProgress} /> 10}
Props
size
Possible values:
- Size.Icon: display only Google icon. Recommended size of 48 x 48.
- Size.Standard: icon with 'Sign in'. Recommended size of 230 x 48.
- Size.Wide: icon with 'Sign in with Google'. Recommended size of 312 x 48.
Default: Size.Standard. Given the size prop you pass, we'll automatically apply the recommended size, but you can override it by passing the style prop as in style={{ width, height }}.
color
Possible values:
- Color.Dark: apply a blue background
- Color.Light: apply a light gray background
disabled
Boolean. If true, all interactions for the button are disabled.
onPress
Handler to be called when the user taps the button
Inherited View props...
3. userInfo
Example userInfo which is returned after successful sign in.
{
idToken: string,
serverAuthCode: string,
scopes: Array<string>, // on iOS this is empty array if no additional scopes are defined
user: {
email: string,
id: string,
givenName: string,
familyName: string,
photo: string, // url
name: string // full name
}
}
Want to contribute?
Check out the contributor guide!
Notes
Calling the methods exposed by this package may involve remote network calls and you should thus take into account that such calls may take a long time to complete (eg. in case of poor network connection).
idToken Note: idToken is not null only if you specify a valid webClientId. webClientId corresponds to your server clientID on the developers console. It HAS TO BE of type WEB
Read iOS documentation and Android documentation for more information
serverAuthCode Note: serverAuthCode is not null only if you specify a valid webClientId and set offlineAccess to true. once you get the auth code, you can send it to your backend server and exchange the code for an access token. Only with this freshly acquired token can you access user data.
Read iOS documentation and Android documentation for more information.
Additional scopes
The default requested scopes are email and profile.
If you want to manage other data from your application (for example access user agenda or upload a file to drive) you need to request additional permissions. This can be accomplished by adding the necessary scopes when configuring the GoogleSignin instance.
Please visit https://developers.google.com/identity/protocols/googlescopes or https://developers.google.com/oauthplayground/ for a list of available scopes.
Troubleshooting
Please see the troubleshooting section in the Android guide and iOS guide.
Licence
(MIT)
No vulnerabilities found.
Reason
12 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
binaries present in source code
Details
- Warn: binary detected: example/android/gradle/wrapper/gradle-wrapper.jar:1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/support.yml:1
- Warn: no topLevel permission defined: .github/workflows/test_lint_publish.yml:1
- Info: no jobLevel write permissions found
Reason
Found 1/27 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/support.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-google-signin/google-signin/support.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/support.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-google-signin/google-signin/support.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/support.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-google-signin/google-signin/support.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_lint_publish.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-google-signin/google-signin/test_lint_publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_lint_publish.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-google-signin/google-signin/test_lint_publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_lint_publish.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-google-signin/google-signin/test_lint_publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_lint_publish.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-google-signin/google-signin/test_lint_publish.yml/master?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 19 are checked with a SAST tool
Reason
10 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
3.7
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More