Using Sign in with Google

Click Sign in with Google on the login or register screen. You consent to share your email address only; we never get your password, Drive, contacts, or anything else. You can mix Google sign-in with a password on the same account and switch freely. 2FA still applies after Google sign-in.

When to use Google sign-in

Google sign-in is faster than typing email + password every time, and it skips the 6-digit email verification step on first signup. If you already use Gmail, Workspace, or any Google service, you can use the same account to sign in to TaxItEasy.

Google sign-in is a convenience, not a tighter security model. Two-factor authentication still applies after Google sign-in — see "Does Google sign-in skip 2FA?" below.

If you have a password on the account, you can still use Google sign-in (and vice versa). They're not mutually exclusive — see "Mixing Google sign-in and password" below.

The walk-through

Step 1 — find the button

On either the login or register page at app.taxiteasy.org, the Sign in with Google button sits next to the email + password form. Same button on both pages; it auto-detects whether your Google email matches an existing TaxItEasy account.

Step 2 — consent on Google's side

Click the button. You're redirected to accounts.google.com, signed in there if you aren't already, and shown Google's consent screen. The screen explicitly lists what we're requesting:

  • Your email address — to know who you are.
  • Your basic profile — name and profile picture, for display in the app.

That's the entire scope. We do not request:

  • Drive, Calendar, Contacts, or any other Google service
  • The ability to send email on your behalf
  • The ability to read your Gmail (that's a separate, opt-in OAuth scope for email integration — not for sign-in)
  • Your Google password (Google never shares passwords with third parties; we couldn't get it even if we wanted to)

Read the scope line on the consent screen before you click Allow. Anything beyond email + profile would be a red flag.

Step 3 — redirected back signed in

After you click Allow, Google redirects you to TaxItEasy with a signed OpenID Connect ID token. We verify the token's signature against Google's public keys (https://www.googleapis.com/oauth2/v3/certs) before trusting it. If the signature is invalid (replay attack, MITM with a wrong cert), we reject the sign-in with a clear error.

First time signing in: a new TaxItEasy account is created with your Google email. You then go through the onboarding wizard (see the wizard explained) — minus the 6-digit verification step, since Google has already verified you.

Second time and beyond: you're just signed in. The same Google account always lands on the same TaxItEasy account.

Step 4 — if 2FA is enabled

If you've enabled 2FA on your TaxItEasy account (we strongly recommend you do — see enable 2FA), the 6-digit code prompt still appears after Google sign-in. Two factors, both required:

  • Google sign-in proves you control the email address.
  • 2FA code proves you're the same person who set up TaxItEasy on that email.

This means even if someone phished your Google credentials, they still need your TaxItEasy 2FA code to get into your data.

What we get from Google

A signed OpenID Connect ID token, parsed to:

  • email — your verified Google address
  • email_verified — boolean confirmation from Google that the email is verified
  • sub — the immutable Google user ID (used as the account-link key, in case you change emails)
  • name — display name
  • picture — URL to your Google profile picture

We store the sub permanently (it's how we recognise you on subsequent sign-ins) and the email + name + picture as user-profile fields. We do not store the ID token itself after verification; tokens are single-use credentials and are dropped after the sign-in flow completes.
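
The check described in Step 3 and the claims listed above, as an added example (not TaxItEasy's code): an RS256 ID token is verified against a JWKS document in pure Python so the sketch runs offline. The key is a constructed demo key standing in for Google's published keys, `sign_demo_token`, `DEMO_JWKS` and the client ID are hypothetical, and the issuer, audience and expiry checks are assumptions about what a verifier does beyond the signature check the page describes; a deployed service would rely on a maintained JWT library for the RSA step.

```python
import base64, hashlib, hmac, json

# Constructed demo key, NOT a Google key: two well-known primes, 511-bit modulus.
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256, RFC 8017

def b64e(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def b64d(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def pkcs1_encode(msg, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg) for a k-byte modulus."""
    t = DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign_demo_token(claims, kid="demo-key-1"):
    """Hypothetical stand-in for the identity provider: RS256-sign claims with the demo key."""
    head = b64e(json.dumps({"alg": "RS256", "kid": kid}).encode())
    signing_input = head + "." + b64e(json.dumps(claims).encode())
    k = (N.bit_length() + 7) // 8
    sig = pow(int.from_bytes(pkcs1_encode(signing_input.encode(), k), "big"), D, N)
    return signing_input + "." + b64e(sig.to_bytes(k, "big"))

def verify_id_token(token, jwks, client_id, now):
    """Return claims only if signature, issuer, audience, expiry and email_verified pass."""
    head, body, sig = token.split(".")
    header = json.loads(b64d(head))
    if header.get("alg") != "RS256":  # the token must not pick its own algorithm
        raise ValueError("unexpected alg")
    jwk = next((k for k in jwks["keys"] if k["kid"] == header.get("kid")), None)
    if jwk is None:
        raise ValueError("unknown kid")
    n, e = (int.from_bytes(b64d(jwk[f]), "big") for f in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    recovered = pow(int.from_bytes(b64d(sig), "big"), e, n).to_bytes(k, "big")
    if not hmac.compare_digest(recovered, pkcs1_encode(f"{head}.{body}".encode(), k)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if claims.get("iss") not in ("https://accounts.google.com", "accounts.google.com"):
        raise ValueError("wrong issuer")
    if claims.get("aud") != client_id or claims.get("exp", 0) <= now:
        raise ValueError("wrong audience or expired")
    if claims.get("email_verified") is not True:
        raise ValueError("email not verified")
    return claims  # link the account on claims["sub"], not on the email string

DEMO_JWKS = {"keys": [{"kty": "RSA", "kid": "demo-key-1",
                       "n": b64e(N.to_bytes(64, "big")), "e": b64e(E.to_bytes(3, "big"))}]}
```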

Mixing Google sign-in and password

You can use both on the same account. Two ways to set this up:

You signed up with Google, want to add a password: Settings → Account → Password → Set password. Enter a long passphrase, save. From then on, you can sign in with either method.

You signed up with password, want to add Google sign-in: Settings → Account → Connected accounts → Connect Google. You go through Google's consent screen once, and the Google account is linked to your existing TaxItEasy user.

When to bother with both:

  • Travelling or using a colleague's laptop, where Google sign-in might land on the wrong Google account.
  • Backup access in case Google rate-limits your account temporarily.
  • Workspace policy might revoke our OAuth grant — having a password lets you sign in directly without going through Google again.

The two paths land on the exact same account; there's no merging or "two accounts to reconcile" problem.

Does Google sign-in skip 2FA?

No. If you have 2FA enabled on your TaxItEasy account, you still need to enter your 6-digit authenticator code after Google sign-in. This is intentional, not a bug.

The reasoning: Google sign-in verifies who you are (email). 2FA verifies you're the same person who set up TaxItEasy on that email. These are two independent factors — having compromised one (phished Google password) doesn't automatically compromise the other (need physical access to your authenticator app).

Some sites treat Google sign-in as 2FA-equivalent ("you used Google, no need for our 2FA"). We don't, because Google passwords get phished routinely, and we'd rather have an extra factor on top of the most-phished credential on earth.

Revoking access on Google's side

If you ever want to break the link from your Google account: go to myaccount.google.com → Security → Third-party connections. Find TaxItEasy and click Remove access. From then on:

  • The OpenID Connect link is severed at Google's side.
  • Future "Sign in with Google" clicks for TaxItEasy will go through the consent screen again (or fail if you've explicitly blocked the app).
  • Your TaxItEasy account is unaffected — you can still sign in with your password.

If you only had Google sign-in and no password, run the password-reset flow first (Forgot password on the login page) to set a password — then revoke Google. Otherwise you'd lock yourself out of TaxItEasy.

Troubleshooting

I have Google accounts at work and personal — which one am I signed in as? TaxItEasy uses whatever Google account your browser is currently logged into. If you click Sign in with Google and end up on the wrong account, sign out of Google or open an incognito/private window. Some browsers (Chrome with multiple Google profiles) let you pick on the consent screen.

I never set a password — now I can't sign in with Google. Use the password-reset flow. On the login page, click Forgot password, enter your email, get a reset link, set a fresh password. Then re-enable Google sign-in from Settings → Account → Connected accounts. The reset works as long as we can email you; it doesn't matter how you originally signed up.

My Workspace admin blocks third-party OAuth. Many Google Workspace tenants restrict which third-party apps users can authorise. If you click Allow on the consent screen and see "Access blocked — admin policy", your admin has to approve TaxItEasy as an allowed app. The alternative is to sign up with email + password instead — you don't lose anything; Google sign-in is just a convenience.

I want to revoke TaxItEasy's access from my Google account. See "Revoking access on Google's side" above. Set a password first if you don't have one, otherwise you'll be locked out.

Sign in with Google says my email doesn't match an existing TaxItEasy account, but I'm sure it does. This happens when your TaxItEasy account email was an alias (like [email protected]) and Google's ID token returns the canonical address ([email protected]). Both are the same Gmail inbox but different strings to TaxItEasy. Sign in with email + password using the alias address, then in Settings → Account → Email, change to the canonical address, and re-link Google.

I changed my Google email — will TaxItEasy follow? No. We link to the immutable sub (Google user ID), so even if you change your Google email, the TaxItEasy sign-in still works. The display name and email in your TaxItEasy profile update on next sign-in.

Google says my account has a security alert and disabled OAuth. That's between you and Google. Resolve the security alert in your Google account first; TaxItEasy sign-in starts working again once Google re-enables OAuth on your account.
