Setting up Google SSO in a Bubble App is very easy and there are plenty of guides of how to do it. I have a few bookmarked references I use as a check list: https://www.azkytech.com/post/how-to-set-up-login-with-google-for-bubble-io-apps - this one is good and will get you through to the point where your Bubble app is ready for be verified by Google.
There are plenty of other guides also on how to create a Google SSO app and wire it into your Bubble app. It is very straight forward - once you’ve done it once or twice it is a 20 minute job.
However this doesn’t mean your App is ready to go with Google Single Sign on - in order to use Google SSO with public users - you need to be verified - meaning you need to convince Google that your aren’t using the permission they give you to access a Users data for bad purposes. Those permissions are called “scopes” by Google - you need minimal scopes for SSO.
This FAQ helps you understand the whole process: https://support.google.com/cloud/answer/9110914
When you start off Google advise it will take 6-8 weeks. I’ve completed the process in 2 weeks (with Xmas and New Year's in the middle of that process).
I did produce a video from the outset that I added in the first submission explaining how it was a built-in feature of Bubble, I only wanted to use the service for authentication of users. Producing a video is listed as one of the requirements so I thought I would get ahead of the process and create one up front and get ahead of the game. In fact no-one ever looked at this video (I know because I hosted it on Youtube and can see the views).
This is how Google explain it: https://support.google.com/cloud/answer/7454865
There is some obvious stuff that is just common sense - eg the agreements must be visible to users! Wow!
In practice what I found I needed to do for a Bubble app is
- Have a Terms of service agreements (Here are mine https://planbbackups.io/terms)
- Have these linked prominently on my Bubble app in every footer
I looked carefully through Bubble’s own Privacy and Terms of Service agreements. https://bubble.io/terms
I considered commercial services to buy template agreements - there are plenty on the web - but I thought that really only achieved what I could do with find and replace myself, and applying some common sense. Also I wanted to read and understand what I was setting out as my obligations. But in brief - I re-purposed someone else’s as base documents and added things for a Bubble specific app.
I must have got that mostly right because I received this email after a few days of pushing the “Submit for verification” button.
I noted the bolded bits so I ...
I replied to the verification email saying more or less “I’ve added these words to my policy that you can find these on these links on the homepage
We collect and use the following information to provide, improve, protect and promote our Services.
Social Logins. If you link, connect, or login to your account with a third-party service (eg, Google), we receive certain information, such as your email address from that service. This information varies and is controlled by that service or as authorized by you via your privacy settings at that service.
Account information. We collect, and associate with your account, the information you provide to us when you do things such as sign up for your account, upgrade to a paid plan and set up two-factor authentication (such as your name, email address, phone number, payment info and physical address).
A few days later I was verified.
If you were trying to get verified and you wanted the scopes to be able to read someone Google Drive - I’m sure the process would be more stringent. But it was a lot less onerous than I expected.
I did check my Google Analytics and Clarity traffic - someone from India did go and look at my Terms page 😀