View react-native-google-si… on Snyk Open Source Advisor

Package Health Score

59 / 100

security
No known security issues
popularity
Recognized
maintenance
Inactive
community
Active

Explore Similar Packages

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
2.1.1	\|	11/2019	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.0.0	\|	04/2019		0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.2.3	\|	04/2019		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.12.0	\|	08/2017		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.11.0	\|	08/2017		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Recognized

Weekly Downloads (1,158)

GitHub Stars: 3.08K
Forks: 877
Contributors: 100

Direct Usage Popularity

The npm package react-native-google-signin receives a total of 1,158 downloads a week. As such, we scored react-native-google-signin popularity level to be Recognized.

Based on project statistics from the GitHub repository for the npm package react-native-google-signin, we found that it has been starred 3,076 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Active

Readme.md: Yes
Contributing.md: Yes
Code of Conduct: No
Contributors: 100
Funding: Yes

With more than 10 contributors for the react-native-google-signin repository, this is possibly a sign for a growing and inviting community.

We found a way for you to contribute to the project! Looks like react-native-google-signin is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Inactive

deprecated

Commit Frequency

Open Issues: 15
Open PR: 2
Last Release: 4 years ago
Last Commit: 14 days ago

Further analysis of the maintenance status of react-native-google-signin based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Inactive.

An important project maintenance signal to consider for react-native-google-signin is that it hasn't seen any new versions released to npm in the past 12 months, and could be considered as a discontinued project, or that which receives low attention from its maintainers.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: not defined

Age: 9 years
Dependencies: 0 Direct
Versions: 54
Install Size: 162 kB
Dist-tags: 1
# of Files: 43
Maintainers: 5
TS Typings: Yes

react-native-google-signin has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

React Native Google Sign In

Features

Support all 3 types of authentication methods (standard, with server-side validation or with offline access (aka server side access))
Promise-based API consistent between Android and iOS
Typings for TypeScript and Flow
Native signin buttons

Project setup and initialization

yarn add react-native-google-signin

Then follow the Android guide and iOS guide

Public API

1. GoogleSigninButton

import { GoogleSignin, GoogleSigninButton } from 'react-native-google-signin';

render() {
  
}

Props

`size`

Possible values:

Size.Icon: display only Google icon. Recommended size of 48 x 48.
Size.Standard: icon with 'Sign in'. Recommended size of 230 x 48.
Size.Wide: icon with 'Sign in with Google'. Recommended size of 312 x 48.

Default: Size.Standard. Given the size prop you pass, we'll automatically apply the recommended size, but you can override it by passing the style prop as in style={{ width, height }}.

`color`

Possible values:

Color.Dark: apply a blue background
Color.Light: apply a light gray background

`disabled`

Boolean. If true, all interactions for the button are disabled.

`onPress`

Handler to be called when the user taps the button

Inherited `View` props...

2. GoogleSignin

import { GoogleSignin, GoogleSigninButton, statusCodes } from 'react-native-google-signin';

`configure(options)`

It is mandatory to call this method before attempting to call signIn() and signInSilently(). This method is sync meaning you can call signIn / signInSilently right after it. In typical scenarios, configure needs to be called only once, after your app starts. In the native layer, this is a synchronous call.

Example usage with for default options: you get user email and basic profile info.

import { GoogleSignin } from 'react-native-google-signin';

GoogleSignin.configure();

Example to access Google Drive both from the mobile application and from the backend server

GoogleSignin.configure({
  scopes: ['https://www.googleapis.com/auth/drive.readonly'], // what API you want to access on behalf of the user, default is email and profile
  webClientId: '', // client ID of type WEB for your server (needed to verify user ID and offline access)
  offlineAccess: true, // if you want to access Google API on behalf of the user FROM YOUR SERVER
  hostedDomain: '', // specifies a hosted domain restriction
  loginHint: '', // [iOS] The user's ID, or email address, to be prefilled in the authentication UI if possible. [See docs here](https://developers.google.com/identity/sign-in/ios/api/interface_g_i_d_sign_in.html#a0a68c7504c31ab0b728432565f6e33fd)
  forceConsentPrompt: true, // [Android] if you want to show the authorization prompt at each login.
  accountName: '', // [Android] specifies an account name on the device that should be used
  iosClientId: '', // [iOS] optional, if you want to specify the client ID of type iOS (otherwise, it is taken from GoogleService-Info.plist)
});

`signIn()`

Prompts a modal to let the user sign in into your application. Resolved promise returns an userInfo object.

// import statusCodes along with GoogleSignin
import { GoogleSignin, statusCodes } from 'react-native-google-signin';

// Somewhere in your code
signIn = async () =&gt; {
  try {
    await GoogleSignin.hasPlayServices();
    const userInfo = await GoogleSignin.signIn();
    this.setState({ userInfo });
  } catch (error) {
    if (error.code === statusCodes.SIGN_IN_CANCELLED) {
      // user cancelled the login flow
    } else if (error.code === statusCodes.IN_PROGRESS) {
      // operation (f.e. sign in) is in progress already
    } else if (error.code === statusCodes.PLAY_SERVICES_NOT_AVAILABLE) {
      // play services not available or outdated
    } else {
      // some other error happened
    }
  }
};

`signInSilently()`

May be called eg. in the componentDidMount of your main component. This method returns the current user and rejects with an error otherwise.

To see how to handle errors read signIn() method

getCurrentUserInfo = async () =&gt; {
  try {
    const userInfo = await GoogleSignin.signInSilently();
    this.setState({ userInfo });
  } catch (error) {
    if (error.code === statusCodes.SIGN_IN_REQUIRED) {
      // user has not signed in yet
    } else {
      // some other error
    }
  }
};

`isSignedIn()`

This method may be used to find out whether some user is currently signed in. It returns a promise which resolves with a boolean value (it never rejects). In the native layer, this is a synchronous call. This means that it will resolve even when the device is offline. Note that it may happen that isSignedIn() resolves to true and calling signInSilently() rejects with an error (eg. due to a network issue).

isSignedIn = async () =&gt; {
  const isSignedIn = await GoogleSignin.isSignedIn();
  this.setState({ isLoginScreenPresented: !isSignedIn });
};

`getCurrentUser()`

This method resolves with null or userInfo object. The call never rejects and in the native layer, this is a synchronous call. Note that on Android, accessToken is always null in the response.

getCurrentUser = async () =&gt; {
  const currentUser = await GoogleSignin.getCurrentUser();
  this.setState({ currentUser });
};

`clearCachedToken(tokenString)`

This method only has an effect on Android (Calling this method always resolves on iOS.). You may run into a 401 Unauthorized error when a token is invalid. Call this method to remove the token from local cache and then call getTokens() to get fresh tokens.

`getTokens()`

Resolves with an object containing { idToken: string, accessToken: string, } or rejects with an error. Note that using accessToken is discouraged.

`signOut()`

Remove user session from the device.

signOut = async () =&gt; {
  try {
    await GoogleSignin.revokeAccess();
    await GoogleSignin.signOut();
    this.setState({ user: null }); // Remember to remove the user from your app's state as well
  } catch (error) {
    console.error(error);
  }
};

`revokeAccess()`

Remove your application from the user authorized applications.

revokeAccess = async () =&gt; {
  try {
    await GoogleSignin.revokeAccess();
    console.log('deleted');
  } catch (error) {
    console.error(error);
  }
};

`hasPlayServices(options)`

Check if device has Google Play Services installed. Always resolves to true on iOS.

Presence of up-to-date Google Play Services is required to show the sign in modal, but it is not required to perform calls to configure and signInSilently. Therefore, we recommend to call hasPlayServices directly before signIn.

try {
  await GoogleSignin.hasPlayServices({ showPlayServicesUpdateDialog: true });
  // google services are available
} catch (err) {
  console.error('play services are not available');
}

hasPlayServices accepts one parameter, an object which contains a single key: showPlayServicesUpdateDialog (defaults to true). When showPlayServicesUpdateDialog is set to true the library will prompt the user to take action to solve the issue, as seen in the figure below.

You may also use this call at any time to find out if Google Play Services are available and react to the result as necessary.

`statusCodes`

These are useful when determining which kind of error has occured during sign in process. Import statusCodes along with GoogleSignIn. Under the hood these constants are derived from native GoogleSignIn error codes and are platform specific. Always prefer to compare error.code to statusCodes.SIGN_IN_CANCELLED or statusCodes.IN_PROGRESS and not relying on raw value of the error.code.

Name	Description
`SIGN_IN_CANCELLED`	When user cancels the sign in flow
`IN_PROGRESS`	Trying to invoke another sign in flow (or any of the other operations) when previous one has not yet finished
`SIGN_IN_REQUIRED`	Useful for use with `signInSilently()` - no user has signed in yet
`PLAY_SERVICES_NOT_AVAILABLE`	Play services are not available or outdated, this can only happen on Android

Example how to use statusCodes.

3. `userInfo`

Example userInfo which is returned after successful sign in.

{
  idToken: string,
  serverAuthCode: string,
  scopes: Array, // on iOS this is empty array if no additional scopes are defined
  user: {
    email: string,
    id: string,
    givenName: string,
    familyName: string,
    photo: string, // url
    name: string // full name
  }
}

Want to contribute?

Check out the contributor guide!

Notes

Calling the methods exposed by this package may involve remote network calls and you should thus take into account that such calls may take a long time to complete (eg. in case of poor network connection).

idToken Note: idToken is not null only if you specify a valid webClientId. webClientId corresponds to your server clientID on the developers console. It HAS TO BE of type WEB

Read iOS documentation and Android documentation for more information

serverAuthCode Note: serverAuthCode is not null only if you specify a valid webClientId and set offlineAccess to true. once you get the auth code, you can send it to your backend server and exchange the code for an access token. Only with this freshly acquired token can you access user data.

Read iOS documentation and Android documentation for more information.

Additional scopes

The default requested scopes are email and profile.

If you want to manage other data from your application (for example access user agenda or upload a file to drive) you need to request additional permissions. This can be accomplished by adding the necessary scopes when configuring the GoogleSignin instance.

Please visit https://developers.google.com/identity/protocols/googlescopes or https://developers.google.com/oauthplayground/ for a list of available scopes.

Troubleshooting

If you get a SIGN_IN_REQUIRED error code on Android from signIn(), make sure you've correctly setup the Google project including the SHA-1 of your debug and release keystores, and copied the new google-services.json in your project.

Licence

(MIT)

react-native-google-signin development dependencies

prettier

FAQs

What is react-native-google-signin?

Google Signin for your react native applications. Visit Snyk Advisor to see a full health score report for react-native-google-signin, including popularity, security, maintenance & community analysis.

Is react-native-google-signin popular?

The npm package react-native-google-signin receives a total of 1,158 weekly downloads. As such, react-native-google-signin popularity was classified as a recognized. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is react-native-google-signin well maintained?

We found indications that react-native-google-signin is an Inactive project. See the full package health analysis to learn more about the package maintenance status.

Is react-native-google-signin safe to use?

The npm package react-native-google-signin was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 24 April-2024, at 11:29 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP