Google OAuth Setup
⚠️ Important: The screenshots and step-by-step instructions on this page
reflect the interface as of December 2025. Third-party services like Google, Facebook,
and Microsoft frequently update their user interfaces. While the general process remains
similar, the exact screens, button labels, and menu locations may differ from what you see.
If you encounter significant differences, consult the provider's official documentation.
This guide walks you through setting up Google OAuth authentication for your site.
Quick Setup (Already Have Credentials?)
If you already have a Google OAuth Client ID and Secret, just add them to appsettings.json:
{
"Authentication": {
"EnableGoogleAuth": true,
"Google": {
"ClientId": "your-client-id.apps.googleusercontent.com",
"ClientSecret": "your-client-secret"
}
}
}Ensure your redirect URI is configured: https://yourdomain.com/signin-google
Prerequisites
- A Google account
- Access to the Google Cloud Console
Step 1: Create a Google Cloud Project
- Go to the Google Cloud Console
- Click the project dropdown at the top of the page
- Click New Project
- Enter a project name (e.g., "My Web App")
- Click Create
- Wait for the project to be created, then select it
Step 2: Configure OAuth Consent Screen
- In the left sidebar, navigate to APIs & Services → OAuth consent screen
- Select External user type (unless you have a Google Workspace organization)
- Click Create
- Fill in the required fields:
- App name: Your application name
- User support email: Your email address
- Developer contact email: Your email address
- Click Save and Continue
- On the Scopes page, click Add or Remove Scopes
- Select the following scopes:
emailprofileopenid
- Click Update, then Save and Continue
- Add test users if in testing mode, then click Save and Continue
Step 3: Create OAuth Credentials
- In the left sidebar, go to APIs & Services → Credentials
- Click + Create Credentials → OAuth client ID
- Select Web application as the application type
- Enter a name (e.g., "Web Client")
- Under Authorized redirect URIs, add:
- For development:
https://localhost:{port}/signin-google - For production:
https://yourdomain.com/signin-google
- For development:
- Click Create
- Copy the Client ID and Client Secret
Important: Keep your Client Secret secure! Never commit it to
source control or expose it in client-side code.
Step 4: Configure Your Application
Add the credentials to your appsettings.json:
{
"Authentication": {
"EnableGoogleAuth": true,
"Google": {
"ClientId": "your-client-id.apps.googleusercontent.com",
"ClientSecret": "your-client-secret"
}
}
}
For Development: Use User Secrets instead of appsettings.json:
dotnet user-secrets set "Authentication:Google:ClientId" "your-client-id"
dotnet user-secrets set "Authentication:Google:ClientSecret" "your-client-secret"Redirect URI Format
| Environment | Redirect URI |
|---|---|
| Development | https://localhost:5001/signin-google |
| Production | https://yourdomain.com/signin-google |
Troubleshooting
- Error: redirect_uri_mismatch
- The redirect URI in your request doesn't match any authorized URIs. Check that the URI in Google Cloud Console exactly matches your application's callback URL, including the port number and protocol (https).
- Error: access_denied
- The user denied the permission request, or the app is in testing mode and the user isn't added as a test user.
- Error: invalid_client
- Check that your Client ID and Client Secret are correct and properly configured.