
Google OAuth Setup Guide

Follow these step-by-step instructions to enable Google sign-in for regular users.

Step 1: Create Google Cloud Project

  1. Go to Google Cloud Console
  2. Click "Select a project" → "New Project"
  3. Name: BIDigest OAuth
  4. Click "Create"

Step 2: Configure OAuth Consent Screen

  1. In your project, go to APIs & Services → OAuth consent screen
  2. Choose External (unless you have Google Workspace)
  3. Fill in required fields:
    • App name: BIDigest
    • User support email: hi@bidigest.com
    • Developer contact: hi@bidigest.com
  4. Click Save and Continue
  5. Scopes: Click "Add or Remove Scopes"
    • Select: email, profile, openid
    • Click "Update" → "Save and Continue"
  6. Test users (if in Testing mode): Add test user emails who can sign in
  7. Click Save and Continue → Review and click Back to Dashboard

Step 3: Create OAuth 2.0 Credentials

  1. Go to APIs & Services → Credentials
  2. Click + CREATE CREDENTIALS → OAuth client ID
  3. Application type: Web application
  4. Name: BIDigest Web Client
  5. Authorized JavaScript origins:
    http://localhost:3000
    https://bidigest.com
    https://www.bidigest.com
  6. Authorized redirect URIs:
    http://localhost:3000/api/auth/callback/google
    https://bidigest.com/api/auth/callback/google
    https://www.bidigest.com/api/auth/callback/google
  7. Click Create
  8. ⚠️ IMPORTANT: Copy the Client ID and Client Secret immediately. You won't see the secret again!

Step 4: Add Environment Variables

Add these to your .env.local (development) and Vercel (production):

# Google OAuth
GOOGLE_CLIENT_ID=your-client-id-here.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-client-secret-here
NEXT_PUBLIC_GOOGLE_ENABLED=true

For Vercel:

  1. Go to your project → Settings → Environment Variables
  2. Add each variable above
  3. Select environments: Production, Preview, Development
  4. Click Save

Step 5: Verify Setup

  1. Restart your dev server: npm run dev
  2. Visit http://localhost:3000/login
  3. You should see a "Sign in with Google" button
  4. Click it and test the OAuth flow

Step 6: Publish OAuth App (Production)

Important: In Testing mode, only test users can sign in.

To allow all users:

  1. Go to OAuth consent screen
  2. Click PUBLISH APP
  3. Confirm publishing
  4. Review process: Google may require verification for sensitive scopes (usually takes 1-2 weeks)

Troubleshooting

"Error 400: redirect_uri_mismatch"

Check that the redirect URI registered in Google Console matches exactly and ends in /api/auth/callback/google. Include both the http://localhost:3000 and production URLs.

"Access blocked: This app's request is invalid"

The app is in Testing mode → Add the user as a test user, or publish the app (Step 6).

Button not showing

Check NEXT_PUBLIC_GOOGLE_ENABLED=true is set. Restart dev server after adding env vars.

"Invalid client"

Verify GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET are correct. No extra spaces or quotes.
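
The redirect_uri_mismatch and "Invalid client" items above can be checked before starting the server. The following Node.js script is an added example, not part of BIDigest's code: parseEnv, checkEnv and checkRedirectUri are hypothetical helper names, and it assumes the redirect URIs from Step 3 and the variable names from Step 4.

```javascript
// Added example; function names and sample inputs are constructed for illustration.
// Redirect URIs registered in Step 3 of this guide.
const AUTHORIZED_REDIRECT_URIS = [
  "http://localhost:3000/api/auth/callback/google",
  "https://bidigest.com/api/auth/callback/google",
  "https://www.bidigest.com/api/auth/callback/google",
];

// Parse .env-style text into a Map. Values are NOT trimmed or unquoted, so
// stray spaces and quotes stay visible to the checks below.
function parseEnv(text) {
  const env = new Map();
  for (const line of text.split(/\r?\n/)) {
    const eq = line.indexOf("=");
    if (eq < 1 || line.trim().startsWith("#")) continue;
    env.set(line.slice(0, eq).trim(), line.slice(eq + 1));
  }
  return env;
}

// Return a list of problems found in the variables from Step 4.
function checkEnv(text) {
  const env = parseEnv(text);
  const problems = [];
  for (const key of ["GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET"]) {
    const value = env.get(key);
    if (!value) problems.push(`${key} is missing`);
    else if (/^\s|\s$|["']/.test(value)) problems.push(`${key} has extra spaces or quotes`);
  }
  const id = (env.get("GOOGLE_CLIENT_ID") || "").replace(/["'\s]/g, "");
  if (id && !id.endsWith(".apps.googleusercontent.com"))
    problems.push("GOOGLE_CLIENT_ID does not end in .apps.googleusercontent.com");
  // Next.js inlines NEXT_PUBLIC_* values into the browser bundle, so the
  // secret must never appear under that prefix.
  const secret = (env.get("GOOGLE_CLIENT_SECRET") || "").replace(/["'\s]/g, "");
  for (const [key, value] of env)
    if (key.startsWith("NEXT_PUBLIC_") && (/SECRET/i.test(key) || (secret && value.includes(secret))))
      problems.push(`${key} would expose a secret to the browser`);
  return problems;
}

// Google compares redirect URIs as exact strings; report which part differs.
function checkRedirectUri(sent) {
  if (AUTHORIZED_REDIRECT_URIS.includes(sent)) return "ok";
  const s = new URL(sent);
  const sameHost = AUTHORIZED_REDIRECT_URIS.map((u) => new URL(u)).find((u) => u.host === s.host);
  if (!sameHost) return "host or port not registered";
  if (sameHost.protocol !== s.protocol) return "scheme differs";
  return "path differs";
}
```

Pass checkEnv the text of .env.local (or the values pasted into Vercel) and checkRedirectUri the callback URL shown in Google's error page.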

Security Notes

  • Never commit .env.local to git
  • Rotate secrets if exposed
  • Use different credentials for dev/prod (optional but recommended)
  • Monitor OAuth usage in Google Cloud Console
