Google OAuth — Next Steps & External Setup

Everything you need to do outside the codebase to enable Google OAuth login.


1. Rails Credentials

Run bin/rails credentials:edit and add:

google_oauth:
  client_id: "YOUR_GOOGLE_CLIENT_ID.apps.googleusercontent.com"
  client_secret: "YOUR_GOOGLE_CLIENT_SECRET"

2. Create a Google Cloud Project

  1. Go to Google Cloud Console
  2. Create a new project (or select an existing one)
  3. For basic Google login, you usually do not need to enable any extra API
  4. If you later need extended Google profile or contact data beyond sign-in, go to APIs & Services → Library and enable Google People API

Note: Do not use Google+ API guidance. That API is deprecated.


3. Create OAuth 2.0 Credentials

  1. Go to APIs & Services → Credentials
  2. Click Create Credentials → OAuth client ID
  3. Application type: Web application
  4. Name: YourApp Production (or whatever you prefer)
  5. Authorized JavaScript origins:
    https://yourdomain.com
    
  6. Authorized redirect URIs:
    https://yourdomain.com/users/auth/google_oauth2/callback
    
  7. Click Create
  8. Copy the Client ID and Client Secret into your Rails credentials under google_oauth

4. Configure the OAuth Consent Screen

  1. Go to APIs & Services → OAuth consent screen
  2. User type: External (unless you only want internal Google Workspace users)
  3. Fill in:
    • App name
    • User support email
    • Developer contact email
  4. Scopes: Add email and profile to match the app configuration
  5. Test users: Add your email for testing (required while in "Testing" status)
  6. Publish the app when ready for production (otherwise only test users can log in)

5. For Development / Staging

Add additional redirect URIs:

http://localhost:3000/users/auth/google_oauth2/callback
https://staging.yourdomain.com/users/auth/google_oauth2/callback

Important: Google OAuth will NOT work without credentials configured. The "Sign in with Google" button will simply not appear — this is by design (graceful degradation).

Cost note: For login-only usage, Google OAuth is typically free. Costs usually appear only if you add other Google Cloud services or separate Google APIs beyond basic sign-in.


6. Deployment Checklist

  • Google Cloud project created
  • OAuth 2.0 credentials created with correct redirect URI
  • OAuth consent screen configured and published
  • google_oauth.client_id and google_oauth.client_secret in Rails credentials
  • Visit /users/sign_in — "Sign in with Google" button appears
  • Test Google OAuth login end-to-end
  • Existing user with same email can link Google account
  • New OAuth user gets personal organization auto-created
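
A pre-deploy check for the first checklist items, added here as an example and not taken from the app's code base. It flags placeholder or missing google_oauth credentials, and redirect URIs that would not match the exact callback path used in this guide or that use http outside localhost. All constant and method names are hypothetical.

```ruby
require "uri"

# Added example; constant and method names are hypothetical.
CALLBACK_PATH = "/users/auth/google_oauth2/callback" # path used in this guide
CLIENT_ID_SUFFIX = ".apps.googleusercontent.com"
LOCAL_HOSTS = %w[localhost 127.0.0.1].freeze

# Problems with the google_oauth credentials hash (symbol keys, same shape
# as the YAML in step 1). An empty array means both values look usable.
def credential_problems(creds)
  creds ||= {}
  problems = []
  client_id = creds[:client_id].to_s.strip
  secret = creds[:client_secret].to_s.strip
  if client_id.empty?
    problems << "client_id missing"
  elsif client_id.start_with?("YOUR_")
    problems << "client_id is still the placeholder"
  elsif !client_id.end_with?(CLIENT_ID_SUFFIX)
    problems << "client_id does not end with #{CLIENT_ID_SUFFIX}"
  end
  if secret.empty?
    problems << "client_secret missing"
  elsif secret.start_with?("YOUR_")
    problems << "client_secret is still the placeholder"
  end
  problems
end

# Problems with one redirect URI before it is registered in the console.
def redirect_uri_problems(uri_string)
  return ["wildcards are not allowed"] if uri_string.include?("*")
  uri = URI.parse(uri_string)
  local = LOCAL_HOSTS.include?(uri.host)
  problems = []
  problems << "must use https (http only for localhost)" unless uri.scheme == "https" || (uri.scheme == "http" && local)
  problems << "must not contain userinfo" if uri.userinfo
  problems << "must not contain a fragment" if uri.fragment
  problems << "path must be exactly #{CALLBACK_PATH}" unless uri.path == CALLBACK_PATH
  problems
rescue URI::InvalidURIError
  ["not a parseable URI"]
end

# Constructed sample input mirroring the placeholder values in this guide.
if __FILE__ == $PROGRAM_NAME
  p credential_problems({ client_id: "YOUR_GOOGLE_CLIENT_ID.apps.googleusercontent.com", client_secret: "" })
  p redirect_uri_problems("http://staging.yourdomain.com/users/auth/google_oauth2/callback")
end
```

Inside the Rails app, the hash passed to credential_problems would be Rails.application.credentials.google_oauth.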