View the original community article here
Last Tested: Jun 12, 2019
Google OAuth is a single-sign-on (SSO) authentication method - this means the user has to sign in only once, and then they have access to all the applications on which G OAuth is set up, automatically. They don't need to be added to any external platform, and don't need to be maintained in any way as long as they've got a first name, last name, and email that matches the GSuite domain set up on the application (in this case looker).
It's Easy to Set Up:
Compared to the likes of LDAP, SAML and OIDC, Google OAuth is very simple to set up on your instance. All you need is a GSuite account, a domain controlled by your organization, and an email address in that domain.
If you've got a GSuite account, using G OAuth is free! What's better than free?
Some Caveats -
It's Only As Secure as the Provider Makes it:
Google OAuth keeps most of your user information away from the application using it. The application just asks G OAuth whether you're good to go, and listens to whatever they say (via granting an access token). That being said, it is possible to grab an access token and authenticate as you. In basic OAuth 2.0, the access token is not just for accessing the protected resource, it carries with it the implicit notion that the possessor is the resource owner. You are putting a lot of trust in the OAuth provider and that they know what they're doing and have put additional security in place to guard against this, which isn't always true: https://www.forbes.com/sites/thomasbrewster/2018/09/29/how-facebook-was-hacked-and-why-its-a-disaster-for-internet-security/#7408ed512033
It's A Dialect:
OAuth is based on the OAuth 2 protocol, which is fairly standardized, but still has some stylistic discrepancies that means if you are using Google's OAuth system, you'd have to rewrite parts of your code to accommodate also using another OAuth system (ex: Facebook's, Amazon's, or Microsoft's).
Sources / Additional Reading:
This content is subject to limited support.