Skip to content

Google OAuth Setup

Fresh

Source: shipfa.st/docs/features/google-oauth

Prerequisites

Add to .env.local:

bash
NEXTAUTH_URL=http://localhost:3000
NEXTAUTH_SECRET=  # Random 15+ character string

Procedure

  1. Create a new project on Google Cloud Console
  2. Go to APIs & Services > Credentials
  3. Click Configure Consent Screen and fill info
    • Use ChatGPT prompts from /tos and /privacy-policy pages
    • Add userinfo.email and userinfo.profile to scope
    • Add yourself as a test user
  4. Go to Credentials > + Create Credentials > OAuth Client ID
  5. Choose Web Application
  6. Set Authorized JavaScript origins:
    • http://localhost:3000
    • https://your-site.com
  7. Set Authorized redirect URIs:
    • http://localhost:3000/api/auth/callback/google
    • https://your-site.com/api/auth/callback/google
  8. Copy Client ID to GOOGLE_ID and Client Secret to GOOGLE_SECRET in .env.local
  9. Go to OAuth Consent Screen > Publish App > submit for verification

INFO

Google will email you -- you must reply to start the verification process. You'll need domain verified with Google Search Console.

TIP

Login works on localhost immediately. On production, it works but shows a warning until verified (a few days).

The MongoDB adapter saves new users on first Google login. Configure the database first.

Verification Checklist

  • [ ] Google Cloud project created
  • [ ] Consent screen configured with scopes
  • [ ] OAuth Client ID created with correct origins and redirects
  • [ ] GOOGLE_ID and GOOGLE_SECRET in .env.local
  • [ ] App published for verification
  • [ ] Database configured for user storage

See Also