> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev.auth0-mintlify.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Add Google Login to Your App

> Learn how to add Sign In with Google to your application using Auth0. Configure a Google social connection with OAuth 2.0 to let users authenticate with their Google accounts.

Auth0 supports sign in with Google, allowing your users to authenticate with their Google accounts through <Tooltip tip="OAuth 2.0: Authorization framework that defines authorization protocols and workflows." cta="View Glossary" href="/docs/glossary?term=OAuth+2.0">OAuth 2.0</Tooltip>. Adding Google as a social login option provides a fast, familiar sign-in experience that most users already trust.

To set up a Google social connection, you must:

1. Create Google OAuth credentials with the Google Auth Platform.
2. Configure and test a Google social connection with the Auth0 Dashboard.

<Card title="Before you start">
  Before you configure Google as a social connection, you need:

  1. An [Auth0 account](https://auth0.com/signup). If you do not have one, you can sign up for free.
  2. A [Google Developer account](https://console.cloud.google.com/).
  3. A [Google Project](https://developers.google.com/workspace/guides/create-project).
  4. An application registered in the [Auth0 Dashboard](https://manage.auth0.com/#/applications).
</Card>

## Google Auth Platform

The Google Auth Platform is a section within the [Google Cloud Console](https://console.cloud.google.com/) that helps you manage your applications and OAuth credentials for logging in and calling Google APIs. To learn more, read [Get started with the Google Auth Platform](https://developers.google.com/identity/protocols/oauth2) on Google's documentation.

Use the Google Auth Platform to:

1. Configure the Google consent screen.
2. Create a Google OAuth 2.0 Client.

### Configure the Google consent screen

Before creating an OAuth client ID, you must configure the OAuth consent screen with information about your application. When you use OAuth 2.0 for authorization, your application requests one or more scopes of access from a Google Account. Google displays a consent screen to the user, including a summary of your project, its policies, and the requested access scopes.

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
  If your application requests sensitive OAuth scopes or uses a custom image, [Google limits it to 100 logins until the OAuth consent screen is verified](https://support.google.com/cloud/answer/10311615). Consent screen verification may take up to several days.
</Callout>

In the Google Cloud Console, [configure your Google OAuth consent screen](https://support.google.com/cloud/answer/10311615):

<Steps>
  <Step title="Configure branding">
    Navigate to **Google Auth Platform > Branding**. For **Authorized domains**, enter `auth0.com`. If you are using a custom domain, enter your custom domain instead.
  </Step>

  <Step title="Configure audience">
    Navigate to **Google Auth Platform > Audience**. For **User type**, select **Make External**. In **Test Users**, you can add the email addresses you want to use for testing.
  </Step>

  <Step title="Configure data access">
    Navigate to **Google Auth Platform > Data Access** to add or remove scopes. To learn more, read [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes) on Google's documentation.
  </Step>

  <Step title="Save your changes">
    Follow the rest of the instructions to finish configuring your Google OAuth consent screen. Select **Save Changes**.
  </Step>
</Steps>

### Create a Google OAuth 2.0 Client

To create a Google OAuth 2.0 Client, you need your Auth0 domain, which you can find in the Auth0 Dashboard.

Navigate to [Auth0 Dashboard > Settings > Custom Domains](https://manage.auth0.com/#/custom_domains) to find your domain:

* If you have not configured a custom domain, your Auth0 domain name is `YOUR_TENANT_NAME.YOUR_REGIONAL_SUBDOMAIN.auth0.com`. Your redirect URI is `https://YOUR_TENANT_NAME.YOUR_REGIONAL_SUBDOMAIN.auth0.com/login/callback`.
* If you have configured a custom domain, use your custom domain instead. Your redirect URI is `https://YOUR_CUSTOM_DOMAIN/login/callback`.

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
  If you created your US tenant before June 2020, your Auth0 domain name does not include the regional subdomain: `YOUR_TENANT_NAME.auth0.com`.
</Callout>

In the Google Cloud Console, create a new OAuth 2.0 Client:

<Steps>
  <Step title="Create a new client">
    Navigate to **Google Auth Platform > Clients**. Select **New Client**.
  </Step>

  <Step title="Select the application type">
    For the **Application type**, select **Web application**.
  </Step>

  <Step title="Enter your client details">
    Enter the following information for your OAuth 2.0 Client:

    | **Field**                         | **Value**                            |
    | --------------------------------- | ------------------------------------ |
    | **Name**                          | The name of your OAuth 2.0 Client    |
    | **Authorized JavaScript origins** | `https://YOUR_DOMAIN`                |
    | **Authorized redirect URIs**      | `https://YOUR_DOMAIN/login/callback` |

    Replace `YOUR_DOMAIN` with the Auth0 domain you found in the previous step.
  </Step>

  <Step title="Create the client">
    Select **Create**. Copy the **Client ID** and **Client Secret** that Google displays.
  </Step>
</Steps>

## Configure Auth0

Use the Auth0 Dashboard to create and configure a Google social connection with the OAuth credentials you created.

<Steps>
  <Step title="Create a Google social connection">
    Navigate to [Auth0 Dashboard > Authentication > Social](https://manage.auth0.com/#/social). Select **Create Connection** and then **Google/Gmail**.
  </Step>

  <Step title="Enter a name and your Google credentials">
    In **General**, enter a **Name** for the connection and the client credentials from the Google OAuth 2.0 Client you created:

    * **Client ID**: The unique identifier for your application.
    * **Client Secret**: The secret used by Auth0 to authenticate with Google on behalf of your application.
  </Step>

  <Step title="Select permissions and save">
    Select any permissions you want to enable for the connection. Most applications need **Basic Profile** for the user's email and verified email flag, and **Extended Profile** for name, photo, and other profile details.

    Select **Save Changes**.
  </Step>
</Steps>

## Test the connection

Once you have created your Google social connection, verify that it works before deploying to production.

1. Navigate to [Auth0 Dashboard > Authentication > Social](https://manage.auth0.com/#/social).
2. Select the Google connection from the list.
3. Select **Try Connection**.
4. Authenticate with your Google account when prompted.
5. Confirm that Auth0 returns user profile data, including the user's name and email address.

## Keep reading

* [Add Sign In with Google to Native Android Apps](/docs/authenticate/identity-providers/social-identity-providers/google-native)
* [Test Social Connections Using Auth0 Developer Keys](/docs/authenticate/identity-providers/social-identity-providers/devkeys)
* [Create Custom Social Connections](/docs/authenticate/identity-providers/social-identity-providers/oauth2)