Connect your app to Google
This article describes how to add login with Google functionality to your app. It also discusses how you can get an Access Token in order to access the Google API.
First you need to connect your Auth0 application to Google. This is summarized in the following steps:
- Generate a Client ID and Client Secret in a Google project
- Enable the Google Admin SDK Service
- Copy your Google Client ID and Client Secret keys into your Auth0 dashboard
- Enable the Google social connection in Auth0
1. Generate the Google Client ID and Client Secret
Log in to your Google account and go to the APIs & services.
Navigate to Credentials using the left-hand menu:
- On the Credentials page, click Create credentials and choose OAuth client ID.
- On the Create client id page, select Web application. In the new fields that display, set the following parameters:
|Name||The name of your web app|
|Authorized redirect URIs||
Click Create to proceed.
Client Secretwill be displayed:
Client Id and
Client Secret to enter into the Connection settings in Auth0.
2. Enable the Admin SDK Service
If you are planning to connect to Google Apps enterprise domains, you will need to enable the Admin SDK service.
Navigate to the Library page of the API Manager.
Select Admin SDK from the list of APIs:
- On the Admin SDK page, click Enable. If successful, the Enable link turns into Disable.
3. Enable the Connection in Auth0
Log in to the Auth0 Dashboard and select Connections > Social in the left navigation.
Select the connection with the Google logo to access this connection's Settings page:
Select each of your existing Auth0 Clients for which you want to enable this connection. Click Save when you're done.
Switch over to the Settings tab. Copy the
Client Secretfrom the Credentials page of your project in the Google API Manager into the fields on this page on Auth0.
Select the Permissions for each of the features you want to allow your app to access. Click Save when you're done.
4. Test Your Connection
Go back to the Connections > Social section of the Auth0 dashboard. If you have configured your connection correctly, you will see a Try icon next to the Google logo:
Click Allow in the permissions pop-up screen:
If you have configured everything correctly, you will see the It works!!! page:
5. Access Google API
Once you successfully authenticate a user, Google includes an Access Token in the user profile it returns to Auth0.
You can then use this token to call their API.
In order to get a Google Access Token, you have to retrieve the full user's profile, using the Auth0 Management API, and extract the Access Token from the response. For detailed steps refer to Call an Identity Provider API.
Once you have the token you can call the API, following Google's documentation.
Optional: Get a Refresh Token
You can also get a Refresh Token from Google in order to refresh your Access Token, once it expires.
You can do this by setting the
access_type=offline parameter when you call the Auth0
Note that you can only get a Refresh Token, if you are using one of the following OAuth 2.0 flows: