Google - Auth0

The Google integration allows users to log in to your AI Agents using their Google profile. To complete the Call other’s APIs on user’s behalf quickstart, you need to set up a Google social connection. To set up a Google social connection, you must:

Create Google OAuth credentials with the Google Auth Platform.
Configure and test a Google social connection with the Auth0 Dashboard.

Prerequisites

Google Auth Platform

The Google Auth Platform helps you manage your applications and OAuth credentials for logging in and calling Google APIs. To learn more, read Get started with the Google Auth Platform. Use the Google Auth Platform to:

Configure Google consent screen
Create Google OAuth Client

Note: If your application requests sensitive OAuth scopes or uses a custom image, Google limits it to 100 logins until the OAuth consent screen is verified. Consent screen verification may take up to several days.

When you use OAuth 2.0 for authorization, your application requests authorization for one or more scopes of access from a Google Account. Google displays a consent screen to the user, including a summary of your project, its policies, and the requested access scopes. Before creating an OAuth client ID, you must first configure the OAuth consent screen with information about your application. In the Google Cloud Console, configure your Google OAuth consent screen:

Configure Authorized domains

Navigate to Google Auth Platform > Branding. For Authorized domains, enter auth0.com. If you’re using a custom domain, enter your custom domain instead.

Configure Audience

Navigate to Google Auth Platform > Audience. For User type, select Make External. In Test Users, you can add the email addresses you want to use for testing.

Configure Data Access

Navigate to Google Auth Platform > Data Access to add or remove scopes. To learn more, read OAuth 2.0 Scopes for Google APIs.

Configure Consent screen

Follow the rest of the instructions to finish configuring your Google OAuth consent screen.

Save Changes

Select Save Changes.

Create Google OAuth Client

In the Google Cloud Console, create a new OAuth 2.0 Client:

Create Client

Navigate to Google Auth Platform > Clients. Then, select New Client.

Select Application type

For the Application type, select Web application.

Configure Client credentials

Enter the following information for your OAuth 2.0 Client:

Name: The name of your OAuth 2.0 Client.
Authorized Javascript origins: https://{YOUR_AUTH0_DOMAIN}
Authorized redirect URIs: https://{YOUR_AUTH0_DOMAIN}/login/callback

You can find the Auth0 domain in the Auth0 Dashboard.You can find this under Applications > [Your Application] > Settings > Basic Information > Domain.If you are using the custom domains feature, your Auth0 domain is the custom domain. You can find this under Branding > Custom Domains.

Complete

Select Create.

Auth0 Dashboard

Use the Auth0 Dashboard to create and configure a Google social connection with the proper OAuth credentials. Use the Auth0 Dashboard to create a new Google social connection.

Create Connection

Navigate to Authentication > Social. Select Create Connection and then Google/Gmail.

Configure Client credentials

In General, enter the client credentials from the Google OAuth 2.0 Client you created:

Client ID: The unique identifier for your application.
Client Secret: The secret used by the application to authenticate with Auth0. To learn more, read Client secret authentication.

Select Permissions

In Permissions, select all the required scopes. When you get an access token for the Google social connection, it will contain the appropriate scopes so you can use it to call the required Google APIs.

Enable Token Vault

In Advanced, toggle Enable Token Vault. This allows the connection to retrieve and store access tokens for third-party APIs securely. To learn more, read Configure Token Vault.

Save

Click Save Changes.

Enable Applications

After saving, go the Applications tab and select the applications that should use this connection.

Test connection

Once you have created your Google social connection, test your connection.

Token Vault configuration Example

To configure the Token Vault for your Google connection, you can use the following code snippet in your application:

const auth0AI = new Auth0AI();

export const withGoogleConnection = auth0AI.withTokenForConnection({
  connection: "google-oauth2",
  scopes: ["https://www.googleapis.com/auth/calendar.freebusy", ...],
  refreshToken: getAuth0RefreshToken(),
});

Account linking

If you want to use more than one connection for a user, you can link their accounts. This allows the user to log in with any of their linked accounts and have a single user profile in your application. This allows calling APIs from different providers with a single user profile. Learn more about Client-initiated account linking.

Learn more

Auth0’s Token Vault organizes the access and refresh tokens of federated connections in secure tokensets. Applications can then access the Token Vault to retrieve access tokens to call third-party APIs. To learn more, read Configure Token Vault.
Learn how to get an access token to make a tool call by completing the Call other’s APIs on user’s behalf quickstart.

​Prerequisites

​Google Auth Platform

​Configure Google consent screen

​Create Google OAuth Client

​Auth0 Dashboard

​Create Google social connection

​Test connection

​Token Vault configuration Example

​Account linking

​Learn more

Prerequisites

Google Auth Platform

Configure Google consent screen

Create Google OAuth Client

Auth0 Dashboard

Create Google social connection

Test connection

Token Vault configuration Example

Account linking

Learn more