_navbar.html.erb

      <% if user_signed_in? %>

       <% else %>
      <span id="devise-signin">
        <%= link_to t(".log_in"), new_user_session_path, class: 'nav-link' %>
        <%= link_to t(".sign_up"), new_user_registration_path, class: 'btn btn-primary' %>
      </span>
      <script>
        function continueWithNextIdp(notification) {
          console.log("continueWithNextIdp")
          console.log(`notification.isDisplayed: ${notification.isDisplayed()}`)
          console.log(`notification.isDisplayMoment: ${notification.isDisplayMoment()}`)
          console.log(`notification.isSkippedMoment: ${notification.isSkippedMoment()}`)
          console.log(`notification.getMomentType: ${notification.getMomentType()}`)
          console.log(`notification.getNotDisplayedReason: ${notification.getNotDisplayedReason()}`)
          console.log(`notification.getDismissedReason: ${notification.getDismissedReason()}`)
          if (notification.isDisplayed()) {
            document.getElementById('devise-signin').classList.add("hidden")
          } else {
            document.getElementById('devise-signin').classList.remove("hidden")
          }
        }
      </script>
      <% end %>

application_helper.rb

module ApplicationHelper
  # support User#external_avatar_url for Google One Tap avatars
  def avatar_url_for(user, opts = {})
    size = opts[:size] || 48

    if user.respond_to?(:avatar) && user.avatar.attached? && user.avatar.variable?
      user.avatar.variant(combine_options: {
        thumbnail: "#{size}x#{size}^",
        gravity: "center",
        extent: "#{size}x#{size}"
      })
    elsif user.respond_to?(:external_avatar_url) && user.external_avatar_url
      user.external_avatar_url
    else
      hash = Digest::MD5.hexdigest(user.email.downcase)
      "https://secure.gravatar.com/avatar/#{hash}.png?height=#{size}&width=#{size}"
    end
  end

Gemfile

gem "google-id-token"

google_auth_controller.rb

class GoogleAuthController < ApplicationController
  include Devise::Controllers::SignInOut

  skip_before_action :verify_authenticity_token

  def login
    if !cookies[:g_csrf_token] || !params[:g_csrf_token] || params[:g_csrf_token] != cookies[:g_csrf_token]
      return render text: "400 Missing g_csrf_token", status: 400
    end

    id_token = params[:credential]

    validator = GoogleIDToken::Validator.new
    payload = validator.check(id_token, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_ID"])

    name = payload["name"]
    email = payload["email"]
    avatar_url = payload["picture"]
    unless user = User.find_by(email: email)
      user = User.create!(
        email: email,
        name: name,
        password: SecureRandom.hex,
        terms_of_service: true,
        external_avatar_url: avatar_url
      )
    end
    sign_in(user)

    redirect_to root_path
  end

  # developers can clear exponential delete g_state from cookies
  # https://stackoverflow.com/a/64055782/36170
  def clear
    cookies.delete(:g_state)
    redirect_back(fallback_location: "/")
  end
end

index-or-navbar.html.erb

<div class="py-32 max-w-2xl m-auto text-center flex flex-col items-center justify-center">
  <h1 class="mb-2">Welcome to Jumpstart</h1>
  <p class="mb-6 text-gray-700 leading-normal text-xl">Jumpstart is the perfect starting point for your next Ruby on Rails app. Skip the boilerplate setup and build your app faster.</p>

  <div id="g_id_onload" 
       data-cancel_on_tap_outside="false" 
       data-moment_callback="continueWithNextIdp" 
       data-context="use" 
       data-prompt_parent_id="g_id_onload" 
       data-auto_select="true" 
       data-login_uri="http://localhost:5000/auth/google/login" 
       data-client_id="your-thing-xxxxxxx.apps.googleusercontent.com"></div>

routes.rb

Rails.application.routes.draw do
  post "/auth/google/login", to: "google_auth#login"
  get "/auth/google/clear", to: "google_auth#clear"