Connect your App to Google

To connect your Auth0 client to Google, you will need to:

  1. Generate a Client ID and Client Secret in a Google project
  2. Enable the Google Admin SDK Service
  3. Copy your Google Client ID and Client Secret keys into your Auth0 settings
  4. Enable the Connection

Google OAuth clients requesting sensitive OAuth scopes may be subject to review by Google.

1. Generate the Google Client ID and Client Secret

  1. Log in to your Google account and go to the APIs & services.

  2. Navigate to Credentials using the left-hand menu:

API Manager Credentials

  1. On the Credentials page, click Create credentials and choose OAuth client ID.

Create New Credentials

  1. On the Create client id page, select Web application. In the new fields that display, set the following parameters:
Field Description
Name The name of your web app
Authorized JavaScript origins https://YOUR_AUTH0_DOMAIN
Authorized redirect URIs https://YOUR_AUTH0_DOMAIN/login/callback

Web App Credentials Configuration

Click Create to proceed.

  1. Your Client Id and Client Secret will be displayed:

OAuth Client ID and Secret

Save your Client Id and Client Secret to enter into the Connection settings in Auth0.

2. Enable the Admin SDK Service

If you are planning to connect to Google Apps enterprise domains, you will need to enable the Admin SDK service.

  1. Navigate to the Library page of the API Manager.

  2. Select Admin SDK from the list of APIs:

Google API Manager Library

  1. On the Admin SDK page, click Enable. If successful, the Enable link turns into Disable.

API Manager Dashboard for Admin SDK

3. Enable the Connection in Auth0

  1. Log in to the Auth0 Dashboard and select Connections > Social in the left navigation.

  2. Select the connection with the Google logo to access this connection's Settings page:

  1. Select each of your existing Auth0 Clients for which you want to enable this connection. Click Save when you're done.

  2. Switch over to the Settings tab. Copy the Client Id and Client Secret from the Credentials page of your project in the Google API Manager into the fields on this page on Auth0.

  3. Select the Permissions for each of the features you want to allow your app to access. Click Save when you're done.

4. Test Your Connection

  1. Go back to the Connections > Social section of the Auth0 dashboard. If you have configured your connection correctly, you will see a Try icon next to the Google logo:

  2. Click Try.

  3. Click Allow in the permissions pop-up screen:

If you have configured everything correctly, you will see the It works!!! page:

5. Obtain the Access Token and Refresh Token

The access_token returned by Google can be obtained after the user has logged in by making an HTTP GET request to the /api/v2/user/{user-id} endpoint containing an Auth0 API access token generated with read:user_idp_tokens scope. The access_token for the IdP will be available in the identities array, under the element for the particular connection.

Please see Call an Identity Provider API for additional details.

You can also request a refresh_token from Google by passing along the access_type=offline parameter when calling the Auth0 /authorize endpoint (or passing it in auth.params when using Lock).

If you need a refresh token, only the following OAuth 2.0 flows can retrieve them:

Next Steps

Now that you have a working connection, the next step is to configure your application to use it. You can follow our step-by-step quickstarts or use directly our libraries and API.