Google OAuth button not compatible with Google branding guidelines

[ahukkanen]

Describe the bug
We submitted one Decidim instance to the Google OAuth review process and it bounced back because the Google sign in button incorporated in Decidim does not meet Google's branding guidelines.

The branding guides are available for reading here:
https://developers.google.com/identity/branding-guidelines

The main issue is the displayed logo, the button itself I believe can pass easily if the color is changed accordingly to the guidelines. See for example Pinterest sign in page for proper branding:

To Reproduce
Steps to reproduce the behavior:

1. Go to any instance using Decidim's default theme + Google OAuth (e.g. Metadecidim)
2. Click "Sign in"
3. Scroll down to the OAuth buttons
4. See the button design

Expected behavior
We would expect the design to be compatible with Google's branding guidelines.

Screenshots

Stacktrace
This is a design bug, no stacktrace involved.

Extra data (please complete the following information):

• Device: Any
• Device OS: Any
• Browser: Any
• Decidim Version: Current latest stable (0.15)
• Decidim installation: Any using the default theme (e.g. MetaDecidim)

Additional context
It may be wise to also check the branding of the other services at the same time.

For Facebook, here is info about the Facebook button design:
https://developers.facebook.com/docs/facebook-login/userexperience/

Twitter doesn't provide any clear guidance regarding the button, they just ask to follow their branding guidelines which are available here:
https://about.twitter.com/en_us/company/brand-resources.html

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. @carolromero & @xabier feel free to chime in.

[ahukkanen]

This is an issue that prevents any Decidim application out there to pass the manual reviews of Facebook and Google.

[carolromero]

Hi @ahukkanen thanks for reporting and documenting this! Do you think you could do a PR to make the changes to adapt to the guidelines?

[ahukkanen]

@carolromero We unfortunately don't currently have any client willing to cover the development cost of that. They either have their own self-managed authentication system or don't care about this.

You actually only need to pass the manual review in case you want to get access to more user information through these APIs. The basic authentication will still work regardless of passing the review process.

Anyways, I think that as a platform, Decidim would benefit from complying with the 3rd party guidelines. The following would support that:

• Some organization may want to request access to more personal details than what is granted with the default settings.
• These logos are brand assets (intellectual property) of the 3rd parties. They can control who can use their assets and how. If they want, they could completely reject usage of their assets in case their guidelines are not respected.

A direct quote from Google Sign-In Branding Guidelines:

Use of Google brands in ways not expressly covered by this document is not allowed without prior written consent from Google (see the Guidelines for Third Party Use of Google Brand Features for more information).

A direct quote from Facebook Asset and Brand Guidelines:

Facebook's trademarks — including Facebook, the “f” Logo, Like Button icon, Thumb icon, Facebook Live logo, Find Us On logo, Facebook Watch logo and Messenger logo — are owned by Facebook and may only be used as provided in these guidelines or with Facebook’s permission.

[mrcasals]

@decidim/lot-px can you check this?