Appearance
Google OAuth Setup
FreshSource: shipfa.st/docs/features/google-oauth
Prerequisites
Add to .env.local:
bash
NEXTAUTH_URL=http://localhost:3000
NEXTAUTH_SECRET= # Random 15+ character stringProcedure
- Create a new project on Google Cloud Console
- Go to APIs & Services > Credentials
- Click Configure Consent Screen and fill info
- Use ChatGPT prompts from
/tosand/privacy-policypages - Add
userinfo.emailanduserinfo.profileto scope - Add yourself as a test user
- Use ChatGPT prompts from
- Go to Credentials > + Create Credentials > OAuth Client ID
- Choose Web Application
- Set Authorized JavaScript origins:
http://localhost:3000https://your-site.com
- Set Authorized redirect URIs:
http://localhost:3000/api/auth/callback/googlehttps://your-site.com/api/auth/callback/google
- Copy Client ID to
GOOGLE_IDand Client Secret toGOOGLE_SECRETin.env.local - Go to OAuth Consent Screen > Publish App > submit for verification
INFO
Google will email you -- you must reply to start the verification process. You'll need domain verified with Google Search Console.
TIP
Login works on localhost immediately. On production, it works but shows a warning until verified (a few days).
The MongoDB adapter saves new users on first Google login. Configure the database first.
Verification Checklist
- [ ] Google Cloud project created
- [ ] Consent screen configured with scopes
- [ ] OAuth Client ID created with correct origins and redirects
- [ ] GOOGLE_ID and GOOGLE_SECRET in .env.local
- [ ] App published for verification
- [ ] Database configured for user storage