Connect your app to Google

This article describes how to add login with Google functionality to your app. It also discusses how you can get an Access Token in order to access the Google API.

First you need to connect your Auth0 application to Google. This is summarized in the following steps:

  1. Generate a Client ID and Client Secret in a Google project
  2. Enable the Google Admin SDK Service
  3. Copy your Google Client ID and Client Secret keys into your Auth0 dashboard
  4. Enable the Google social connection in Auth0

If your client requests sensitive OAuth scopes, it may be subject to review by Google.

1. Generate the Google Client ID and Client Secret

  1. Log in to your Google account and go to APIs & services.

  2. Navigate to Credentials using the left-hand menu.

  3. On the Credentials page, click Create credentials and choose OAuth client ID.

  4. On the Create client id page, select Web application. In the new fields that display, set the following parameters:

     | Field | Description |
     | Name | The name of your web app |
     | Authorized JavaScript origins | https://YOUR_AUTH0_DOMAIN |
     | Authorized redirect URIs | https://YOUR_AUTH0_DOMAIN/login/callback |

Click Create to proceed.

  5. Your Client Id and Client Secret will be displayed.

Save your Client Id and Client Secret to enter into the Connection settings in Auth0.

2. Enable the Admin SDK Service

If you are planning to connect to Google Apps enterprise domains, you will need to enable the Admin SDK service.

  1. Navigate to the Library page of the API Manager.

  2. Select Admin SDK from the list of APIs.

  3. On the Admin SDK page, click Enable. If successful, the Enable link turns into Disable.

3. Enable the Connection in Auth0

  1. Log in to the Auth0 Dashboard and select Connections > Social in the left navigation.

  2. Select the connection with the Google logo to access this connection's Settings page.

  3. Select each of your existing Auth0 Clients for which you want to enable this connection. Click Save when you're done.

  4. Switch over to the Settings tab. Copy the Client Id and Client Secret from the Credentials page of your project in the Google API Manager into the fields on this page on Auth0.

  5. Select the Permissions for each of the features you want to allow your app to access. Click Save when you're done.

4. Test Your Connection

  1. Go back to the Connections > Social section of the Auth0 dashboard. If you have configured your connection correctly, you will see a Try icon next to the Google logo.

  2. Click Try.

  3. Click Allow in the permissions pop-up screen.

If you have configured everything correctly, you will see the It works!!! page.

5. Access Google API

Once you successfully authenticate a user, Google includes an Access Token in the user profile it returns to Auth0.

You can then use this token to call Google's API.

To get a Google Access Token, retrieve the user's full profile using the Auth0 Management API and extract the Access Token from the response. For detailed steps, refer to Call an Identity Provider API.

Once you have the token you can call the API, following Google's documentation.

For more information on these tokens, refer to Identity Provider Access Tokens.

Optional: Get a Refresh Token

You can also get a Refresh Token from Google in order to refresh your Access Token once it expires.

You can do this by setting the access_type=offline parameter when you call the Auth0 /authorize endpoint.

If you use Lock you can set this parameter in the params object.

Note that you can only get a Refresh Token if you are using one of the following OAuth 2.0 flows:

A Single Page Application (normally implementing the Single-Page Login Flow) should not under any circumstances get a Refresh Token, because an SPA is a public client and as such cannot hold credentials securely.
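The two steps described above (requesting offline access through /authorize, then reading Google's tokens out of the full profile returned by the Management API) as an added example for a server-side Node.js app; it is not Auth0's own code. The `google-oauth2` provider name, the `identities` array layout and the `read:user_idp_tokens` scope are assumptions about the Management API that the page does not spell out, the function names are hypothetical, and every domain, ID and token value is a constructed placeholder.

```javascript
const GOOGLE = 'google-oauth2'; // assumed provider/connection name of the Google social connection

// Build the Auth0 /authorize URL that asks Google for a Refresh Token.
// Only the server-side code flow is accepted: a browser-only client must not get one.
function buildAuthorizeUrl({ domain, clientId, redirectUri, state, responseType = 'code' }) {
  if (responseType !== 'code') throw new Error('offline access is limited to the code flow');
  if (!state) throw new Error('state is required to bind the callback to this session');
  const url = new URL(`https://${domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: responseType, client_id: clientId, redirect_uri: redirectUri,
    scope: 'openid profile email', connection: GOOGLE, access_type: 'offline', state,
  }).toString();
  return url.toString();
}

// Extract Google's tokens from the full profile the Management API returns
// (GET /api/v2/users/{id}). Call this on the server only.
function extractGoogleTokens(profile) {
  const identities = Array.isArray(profile?.identities) ? profile.identities : [];
  const google = identities.find((id) => id.provider === GOOGLE);
  if (!google) throw new Error('user has no Google identity');
  if (typeof google.access_token !== 'string' || google.access_token === '') {
    // Usual cause: the Management API token lacks the read:user_idp_tokens scope.
    throw new Error('Google identity carries no access_token');
  }
  return { accessToken: google.access_token, refreshToken: google.refresh_token ?? null };
}

// Remove identity-provider tokens before a profile is logged or returned to a browser.
function redactProfile(profile) {
  const identities = (profile.identities ?? []).map(
    ({ access_token, refresh_token, ...rest }) => rest);
  return { ...profile, identities };
}

// Constructed sample profile; every value is a placeholder.
const sampleProfile = {
  user_id: 'google-oauth2|000000000000000000000',
  email: 'user@example.com',
  identities: [
    { provider: 'auth0', user_id: 'abc123', connection: 'Username-Password-Authentication', isSocial: false },
    { provider: GOOGLE, user_id: '000000000000000000000', connection: GOOGLE, isSocial: true,
      access_token: 'EXAMPLE_GOOGLE_ACCESS_TOKEN', refresh_token: 'EXAMPLE_GOOGLE_REFRESH_TOKEN' },
  ],
};

const tokens = extractGoogleTokens(sampleProfile);
console.log(Object.keys(tokens), JSON.stringify(redactProfile(sampleProfile)));
```

A missing `refresh_token` is returned as `null` rather than treated as an error, since Google only issues one when offline access was requested.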