Connect your app to Google

To connect your Auth0 client to Google, you will need to generate a Client ID and Client Secret in a Google project, copy these keys into your Auth0 settings, and enable the Connection.

This doc refers to the client steps to connect your client to Google. If you are looking to manage authentication in your app, see Next Steps below.

Generate the Google Client ID and Client Secret

  1. While logged in to your Google account, go to the API Manager.

  2. Create your new app by navigating to Credentials using the left-hand menu:

API Manager Credentials

  1. While you are on the Credentials page, click on Create a project.

  2. In the dialog box that appears, provide a Project name, answer Google's email- and privacy-related questions, and click Create:

Create New Project

  1. Google will take a moment to create your project. When the process completes, Google will prompt you to create the credentials you need.

Create Google Credentials

  1. Click on Create credentials to display a pop-up menu listing the types of credentials you can create. Select the OAuth client ID option.

  2. At this point, Google will display a warning banner that says, "To create an OAuth client ID, you must first set a product name on the consent screen." Click Configure consent screen to begin this process.

Configure Consent Screen

  1. Provide a Product Name that will be shown to users when they log in through Google.

OAuth Consent Screen

  1. Click Save.

  2. At this point, you will be prompted to provide additional information about your newly-created app.

Web App Credentials Configuration

  1. Select Web application, and provide a name for your app.

  2. Under Restrictions, enter the following information:

    • Authorized JavaScript origins: https://YOUR_AUTH0_DOMAIN
    • Authorized redirect URI: https://YOUR_AUTH0_DOMAIN/login/callback
  3. Click Create. Your Client Id and Client Secret will be displayed:

OAuth Client ID and Secret

Save your Client Id and Client Secret to enter into the Connection settings in Auth0.

Enable the Admin SDK Service

If you are planning to connect to Google Apps enterprise domains, you will need to enable the Admin SDK service.

  1. Navigate to the Library page of the API Manager.

  2. Select Admin SDK from the list of APIs:

Google API Manager Library

  1. On the Admin SDK page, click Enable.

API Manager Dashboard for Admin SDK

Enable the Connection in Auth0

  1. Log in to the Auth0 Dashboard and select Connections > Social in the left navigation.

  2. Select the connection with the Google logo to access this connection's Settings page:

  1. Select each of your existing Auth0 Clients for which you want to enable this connection. Click Save when you're done.

  2. Switch over to the Settings tab. Copy the Client Id and Client Secret from the Credentials page of your project in the Google API Manager into the fields on this page on Auth0.

  3. Select the Permissions for each of the features you want to allow your app to access. Click Save when you're done.

Test Your Connection

  1. Go back to the Connections > Social section of the Auth0 dashboard. If you have configured your connection correctly, you will see a Try icon next to the Google logo:

  2. Click Try.

  3. Click Allow in the permissions pop-up screen:

If you have configured everything correctly, you will see the It works!!! page:

Obtaining the Access Token and Refresh Token

The access_token returned by Google can be obtained after the user has logged in by making an HTTP GET request to the /api/v2/user/{user-id} endpoint containing an Auth0 API token generated with read:user_idp_tokens scope. The access_token for the IdP will be available in the identities array, under the element for the particular connection.

For more information, please refer to the Management API documentation

You can also request a refresh_token from Google by passing along the access_type=offline parameter when calling the Auth0 /authorize endpoint (or passing it in auth.params when using Lock).

The refresh_token can be retrieved in the same manner as described for the access_token above.

Next Steps

Now that you have a working connection, the next step is to configure your application to use it. You can follow our step-by-step quickstarts or use directly our libraries and API.