Can't understand ITK widget behavior

[Idan Shechter]

I am testing Google Identity Toolkit as the main login mechanism for my website.

When I click the 'Sign in' button, a popup window opens with www.accountchooser.com with an option to choose a Google account.

1) Is  there an option to show the social login buttons without going through the OpenID page, which I personally don't understand why not showing the user the Facebook button in the first place and let him choose

2) When I am logged out of my Google account on my computer, I can still see my two registered email account in the 'Choose an account' list on www.accountchooser.com. It shouldn't be there. And second, when I click one of my Google accounts, it shows me a sign in page to feel in a password, but it shows that form on my localhost page, not on google one, why?

I don't understand this widget behavior.. Can someone explain to me what it works this way. Seems very unfriendly to the user.

[Harry Singh]

You can disable accountchooser but even then it won't show all the social login buttons. It will show the email field only. I also find this idea of not directly showing all providers completely weird and illogical. I've seen similar comments from other developers too and I really hope that the Google Identity Toolkit team takes notice and provide an option to directly show all the IDPs on the first page. I don't buy the argument that their current flow reduces friction in the login flow.

I have been working in enterprise software development/support for 15+ years and when I first encountered the GIT login flow, I was totally confused with its behavior. I'm pretty sure that if I'm confused then an average user of an online application would not find it intuitive either.

[Bassam Ojeil]

For the web identity toolkit, the email first mode is enabled by default, along with accountchooser.com. If you wish to show the list of providers on first load (as it is done in the mobile clients), you will need to enable provider first mode. This is done by passing the following config field when initializing the identity toolkit widget:

displayMode: 'providerFirst'

The default value is:

displayMode: 'emailFirst'

To disable accountchooser.com, you can follow the instruction on the documentation site:

https://developers.google.com/identity/toolkit/web/setup-frontend

[Bassam Ojeil]

Disabling Account Chooser from the sign in flow is not recommended. Check our updated documentation on this matter (the html snippet on that page):

https://developers.google.com/identity/toolkit/web/setup-frontend

However if you wish to do so, you will need to pass the following field when initializing the identity toolkit widget:

accountChooserEnabled: false,

To have the provider buttons displayed at the start of the sign in process, you will need to enable provider first mode. Email first mode is enabled by default.

This is done by passing the following config field when initializing the identity toolkit widget:

displayMode: 'providerFirst'

As for your second question, did you sign up for a password account using your google emails? If so then when selected again they would go through the password sign in flow.

Accountchooser.com will still show accounts after sign out. One of the main advantages of it is that it minimizes the need for the user to remember the emails he used to sign up with and eliminates the need to retype the email especially on mobile devices.