Google OAuth Setup Guide

Setting Up Google OAuth for Your App

This guide walks you through setting up Google OAuth 2.0 authentication for the Eva integration.

Prerequisites

  • A Google account with access to Google Cloud Console
  • Your application's domain (e.g., https://eva.foxio.io)

Step 1: Create a Google Cloud Project

  1. Go to the Google Cloud Console:
    https://console.cloud.google.com/
  2. Click Select a project (top-left) and then click New Project.
  3. Enter a Project Name (e.g., "Eva OAuth Integration"), select an Organization (if applicable), and click Create.
  4. Wait for the project to be created and ensure it's selected in the project dropdown.

Step 2: Enable Google OAuth APIs

  1. In the Google Cloud Console, navigate to APIs & Services > Library.
  2. Search for and enable the Google Identity Platform (OAuth 2.0).

Step 3: Configure OAuth Consent Screen

  1. Go to APIs & Services > OAuth consent screen.
  2. Select User Type:
    • Choose Internal for organization-only access
    • Choose External for public access
  3. Fill in the required information:
    • App name: Your application name (e.g., "Eva")
    • User support email: Your support email
    • App logo: Upload your app logo (optional)
    • Application home page: Your app URL (e.g., https://eva.foxio.io)
    • Authorized domains: Add your domain (e.g., eva.foxio.io)
    • Developer contact information: Your contact email
  4. Click Save and Continue.
  5. On the Scopes page, add the following OAuth scopes:
    • .../auth/userinfo.email (View email address)
    • .../auth/userinfo.profile (View basic profile info)
    • openid (Authenticate using OpenID Connect)
  6. Review and save your configuration.
  7. If you selected "External" user type, click Publish App to make it available.

Step 4: Create OAuth 2.0 Credentials

  1. Go to APIs & Services > Credentials.
  2. Click Create Credentials > OAuth Client ID.
  3. Select Application type: Web application.
  4. Configure the OAuth client:
    • Name: Enter a descriptive name (e.g., "Eva Web Client")
    • Authorized JavaScript origins (if needed for CORS):
      • Add https://eva.foxio.io
      • Add http://localhost:3000 (for development, if needed)
    • Authorized redirect URIs:
      • Add https://eva.foxio.io/api/callback
      • Add any additional callback URLs for different environments
  5. Click Create.
  6. Important: Copy and securely store the Client ID and Client Secret.

Step 5: Configure Required OAuth Scopes

When implementing OAuth in your application, ensure you request these scopes:

  • openid - For OpenID Connect authentication
  • profile - For basic profile information
  • email - For user's email address

Example authorization URL:

https://accounts.google.com/o/oauth2/auth?
  client_id=YOUR_CLIENT_ID&
  redirect_uri=https://eva.foxio.io/api/callback&
  response_type=code&
  scope=openid%20profile%20email&
  access_type=offline
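
The following is an added example, not code from Eva or from this guide's authors: it builds the authorization URL above with every parameter percent-encoded, reports why a redirect URI would not match the registered one, and checks the callback. It goes one step beyond the URL shown by adding the standard OAuth 2.0 state parameter, which ties the callback to the login your app started. The function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"  # endpoint used in this guide
REDIRECT_URI = "https://eva.foxio.io/api/callback"  # must match the console entry exactly
SCOPES = ("openid", "profile", "email")


def build_authorization_url(client_id, redirect_uri=REDIRECT_URI):
    """Return (url, state). Store state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(SCOPES),
        "access_type": "offline",
        "state": state,
    }
    # quote_via=quote percent-encodes spaces as %20 and "/" as %2F
    return f"{AUTH_ENDPOINT}?{urlencode(params, quote_via=quote)}", state


def redirect_uri_problems(candidate, registered=REDIRECT_URI):
    """List the differences that cause a 'Redirect URI mismatch' error."""
    c, r = urlsplit(candidate), urlsplit(registered)
    problems = []
    if c.scheme != r.scheme:
        problems.append(f"protocol: {c.scheme} != {r.scheme}")
    if (c.hostname, c.port) != (r.hostname, r.port):
        problems.append(f"host/port: {c.netloc} != {r.netloc}")
    if c.path != r.path:
        problems.append(f"path: {c.path!r} != {r.path!r}")
    return problems


def handle_callback(callback_url, expected_state):
    """Return the authorization code; raise ValueError on a bad callback."""
    query = parse_qs(urlsplit(callback_url).query)
    returned_state = query.get("state", [""])[0]
    # Constant-time comparison on bytes, so non-ASCII input cannot crash it
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    if "error" in query or "code" not in query:
        raise ValueError("authorization was denied or returned no code")
    return query["code"][0]
```

Call build_authorization_url with your Client ID, redirect the user to the returned URL, and pass the saved state to handle_callback when Google redirects back.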

Step 6: Security Best Practices

  1. Client Secret Storage:

    • Never expose your Client Secret in client-side code
    • Store it in environment variables or secure secret management systems
    • Never commit it to version control
  2. HTTPS Only:

    • Always use HTTPS for production redirect URIs
    • Google OAuth will reject non-HTTPS redirect URIs (except localhost for development)
  3. Domain Verification:

    • Verify your domain ownership in Google Search Console for additional security

Step 7: Testing Your Configuration

  1. Test the OAuth Flow:

    • Initiate authentication from your Eva app
    • Verify redirect to Google's login page
    • Log in with a test account
    • Confirm successful redirect back to your callback URL
  2. Verify Permissions:

    • Check that the consent screen shows the correct scopes
    • Ensure user email and profile information are accessible after authentication

Troubleshooting

Common Issues:

  1. "Redirect URI mismatch" error:

    • Ensure the redirect URI exactly matches what's configured in Google Cloud Console
    • Check for trailing slashes, protocol (http/https), and port numbers
  2. "Access blocked" error:

    • Verify the OAuth consent screen is properly configured
    • For external apps, ensure the app is published
  3. Missing user information:

    • Confirm you're requesting the correct scopes (openid profile email)
    • Check that the user has a valid email in their Google account
  4. "Invalid client" error:

    • Verify Client ID and Client Secret are correct
    • Ensure the OAuth client hasn't been deleted or disabled

Now you can use your Google Client ID and Client Secret to configure the Eva Slack app. For more information, refer to Google's OAuth 2.0 documentation.

Next Steps

After completing this setup guide, you're ready to configure Eva with your Google credentials.