Docs

Add Google Login to Your App

This guide will show you how to add functionality to your web app that allows your users to log in with Google. Along the way, you will also learn how to get an Access Token that will allow you to access the Google API.

Private Cloud options and comparison

1. Set up your app in Google

To learn how, follow Google's Setting up OAuth 2.0 doc. During this process, Google will generate a Client ID and Client Secret for your application; make note of these.

While setting up your app, make sure you use the following settings:

  • On the OAuth consent screen, under Authorized domains, add auth0.com.
  • When asked to select an application type, choose Web application and set the following parameters:
Field Description
Name The name of your application.
Authorized JavaScript origins https://YOUR_DOMAIN
Authorized redirect URIs https://YOUR_DOMAIN/login/callback

Web App Credentials Configuration

Click Create to proceed.

  1. Your Client Id and Client Secret will be displayed:

OAuth Client ID and Secret

Save your Client Id and Client Secret to enter into the Connection settings in Auth0.

Data residency

2. Enable the Admin SDK Service

If you are planning to connect to G Suite enterprise domains, you will need to enable the Admin SDK service.

  1. Navigate to the Library page of the API Manager.

  2. Select Admin SDK from the list of APIs:

Google API Manager Library

  1. On the Admin SDK page, click Enable. If successful, the Enable link turns into Disable.

API Manager Dashboard for Admin SDK

Find your Auth0 domain name for redirects

If your Auth0 domain name is not shown above and you are not using our custom domains feature, your domain name is your tenant name, plus .auth0.com. For example, if your tenant name were exampleco-enterprises, your Auth0 domain name would be exampleco-enterprises.auth0.com and your redirect URI would be https://exampleco-enterprises.auth0.com/login/callback.

If you are using custom domains, your redirect URI will have the following format: https://<YOUR CUSTOM DOMAIN>/login/callback.

If your application requests sensitive OAuth scopes, it may be subject to review by Google.

Additional information

2. Enable the Google Admin SDK Service

To learn how, follow Google's Enable and disable APIs doc.

3. Create and enable a connection in Auth0

Set up the Google social connection in Auth0. Make sure you have the Client ID and Client Secret generated in Step 1.

4. Test the connection

You're ready to test your connection.

Access Google's API.

Once a user successfully authenticates, Google will include an Access Token in the user profile it returns to Auth0. You can use this token to call Google's API.

To get the Google Access Token, you must retrieve the full user's profile using the Auth0 Management API and extract the Access Token from the response. For detailed steps, see Call an Identity Provider's API.

Using the token, you can call Google's API following Google's documentation.

Optional: Get a Refresh Token from Google to refresh your Access Token once it expires. To ensure your application is secure, pay close attention to the restrictions on using Refresh Tokens.