Google OAuth Setup

This guide walks you through setting up Google OAuth for your application. After completing this guide, your users will be able to sign in using their Google accounts.

Prerequisites

Step 1: Create a Google Cloud Project

  1. Go to the Google Cloud Console
  2. Click on the project dropdown at the top of the page
  3. Click New Project
  4. Enter a project name (e.g., "MyApp OAuth")
  5. Click Create

Tip: Use a descriptive project name that identifies your application for easier management.

Step 2: Enable Required APIs

  1. In the Google Cloud Console, go to APIs & Services > Library
  2. Search for "Google Identity" or "People API"
  3. Click on Google Identity Services (or Google+ API for legacy) and Enable
  4. For basic OAuth 2.0 flows, the OAuth consent screen and credentials are sufficient; no additional APIs are required for email/profile scopes
Step 3: Configure the OAuth Consent Screen

  1. Go to APIs & Services > OAuth consent screen
  2. Select the External user type (or Internal if using Google Workspace)
  3. Click Create
  4. Fill in the required information:

     Field                    Description                   Example
     App name                 Your application name         MyApp
     User support email       Contact email for users       support@myapp.com
     App logo                 Your app icon (optional)      -
     App domain               Your website domain           myapp.com
     Developer contact email  Your email                    dev@myapp.com

  5. Click Save and Continue

Add Scopes

  1. Click Add or Remove Scopes
  2. Select the following scopes:
  • email - View user's email address
  • profile - View user's basic profile info
  • openid - Authenticate using OpenID Connect
  3. Click Update
  4. Click Save and Continue

Step 4: Create OAuth Credentials

  1. Go to APIs & Services > Credentials
  2. Click Create Credentials > OAuth client ID
  3. Select the application type:

For Web Applications

  • Application type: Web application
  • Name: "MyApp Web Client"
  • Authorized JavaScript origins:
      https://yourdomain.com
      http://localhost:3000 (for development)
  • Authorized redirect URIs:
      https://yourdomain.com/auth/google/callback
      http://localhost:3000/auth/google/callback

For iOS Applications

  • Application type: iOS
  • Name: "MyApp iOS Client"
  • Bundle ID: com.yourcompany.myapp

For Android Applications

  • Application type: Android
  • Name: "MyApp Android Client"
  • Package name: com.yourcompany.myapp
  • SHA-1 certificate fingerprint: (your signing certificate)
  4. Click Create
  5. Save the Client ID and Client Secret

Important: Keep your Client Secret secure. Never expose it in client-side code.

Step 5: Configure in OpenDev

Now configure your Google OAuth credentials in OpenDev:

  1. Log in to OpenDev Platform
  2. Navigate to OAuth Channels
  3. Click Add OAuth Channel or edit existing Google channel
  4. Fill in the configuration:
{
  "provider": "google",
  "clientId": "YOUR_CLIENT_ID.apps.googleusercontent.com",
  "clientSecret": "YOUR_CLIENT_SECRET",
  "scopes": ["email", "profile", "openid"],
  "callbackUrl": "https://yourdomain.com/auth/google/callback"
}

Configuration Fields

  Field          Required  Description
  Client ID      Yes       OAuth 2.0 Client ID from Google Console
  Client Secret  Yes       OAuth 2.0 Client Secret
  Scopes         Yes       Permission scopes to request
  Callback URL   Yes       Your authorized redirect URI

Step 6: Test the Integration

  1. In your application, trigger the Google OAuth flow
  2. You should see the Google sign-in page
  3. After authorization, you'll be redirected back with user data

Sample OAuth Response

{
  "provider": "google",
  "providerId": "123456789",
  "email": "user@gmail.com",
  "name": "John Doe",
  "avatar": "https://lh3.googleusercontent.com/..."
}

Troubleshooting

Error: redirect_uri_mismatch

The redirect URI in your request doesn't match any authorized URIs.

Solution: Add the exact redirect URI to your Google Cloud Console credentials.

Error: invalid_client

The OAuth client was not found or credentials are wrong.

Solution: Verify your Client ID and Client Secret are correct.

Error: access_denied

The user denied the authorization request.

Solution: This is expected behavior when users click "Cancel".

Best Practices

  1. Use HTTPS in production for all redirect URIs
  2. Validate state parameter to prevent CSRF attacks
  3. Store tokens securely using encryption
  4. Implement token refresh for long-lived sessions
  5. Handle errors gracefully with user-friendly messages
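The state check in practice 2 above, and the access_denied case from Troubleshooting, as an added example that is not OpenDev's or Google's own code. It assumes the placeholder client ID, scopes and callback URL from this guide, a per-user session dict supplied by your web framework, and hypothetical function names; the token exchange that follows a valid callback is out of scope here.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder values from this guide (not real credentials).
CLIENT_ID = "YOUR_CLIENT_ID.apps.googleusercontent.com"
CALLBACK_URL = "https://yourdomain.com/auth/google/callback"
SCOPES = ["openid", "email", "profile"]
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"


def build_authorization_url(session: dict) -> str:
    """Create an unguessable state, bind it to this user's session, and
    build the Google authorization URL to redirect the browser to."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": CALLBACK_URL,  # must exactly match an authorized URI
        "response_type": "code",
        "scope": " ".join(SCOPES),
        "state": state,
    }
    return f"{AUTH_ENDPOINT}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Validate the callback before doing anything with it: the state must
    match the one stored in this session (single use, constant-time compare).
    Returns the authorization code to exchange server-side, or raises."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # consumed even on failure
    received = query.get("state", [None])[0]
    if expected is None or received is None or not hmac.compare_digest(
        expected.encode(), received.encode()
    ):
        raise PermissionError("state mismatch: possible CSRF or replayed callback")
    if "error" in query:  # e.g. access_denied when the user clicks Cancel
        raise PermissionError(f"authorization failed: {query['error'][0]}")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("callback missing authorization code")
    return code
```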