Configuring Google Authentication

<Steps> ### Create Google OAuth Credentials

Go to Google Cloud Console
Create a new project or select an existing one
Click Create Credentials > OAuth client ID
If this is your first time, configure the OAuth consent screen first (see below)
Select Web application as the application type
Add authorized redirect URIs (see callback URL configuration below)
Click Create and save the Client ID and Client Secret

Go to APIs & Services > OAuth consent screen
Choose user type:
- External: For any Google account
- Internal: For Google Workspace organization users only
Fill in required information: app name, user support email, etc.
Add scopes: email and profile
If in testing mode, add test users

Configure Callback URL

Add to authorized redirect URIs:

<Callout type={'info'}> Callback URL format:

- Local development: `http://localhost:3210/api/auth/callback/google`
- Production: `https://your-domain.com/api/auth/callback/google`

</Callout>

Configure Environment Variables

Environment Variable	Type	Description
`AUTH_SECRET`	Required	Session encryption key, generate with `openssl rand -base64 32`
`AUTH_SSO_PROVIDERS`	Required	Set to `google`
`AUTH_GOOGLE_ID`	Required	Client ID from Google Cloud Console
`AUTH_GOOGLE_SECRET`	Required	Client Secret from Google Cloud Console

<Callout type={'tip'}> Go to 📘 Environment Variables for detailed information. </Callout> </Steps>

<Callout type={'info'}> After successful deployment, users will be able to authenticate with Google and use LobeHub. </Callout>

Common Issues

redirect_uri_mismatch Error

Ensure the callback URL configured in Google Cloud Console exactly matches your deployment address, including the protocol (http/https) and port number.

Testing Mode Limitations

If the OAuth consent screen is in testing mode, only Google accounts added as test users can sign in.

Configuring Google Authentication for LobeHub