- You don’t have to implement your own authentication scheme.
- You can get users’ name and contact information easily.
- You can use the same credentials to access users’ Google resources like Sheets and Drive.
Introduction to OAuth
Google authentication is based on the OAuth standard. The way OAuth works is as follows:
- Somewhere on your website, you direct a user to a login page.
- When they go to the login page, you don’t implement the login form on your website, but instead redirect to Google’s login service to log in the user.
- When Google’s login service successfully logs in the user, it redirects back to your website at a predefined URL of your choosing, say https://YOUR_DOMAIN/oauth2callback, while sending some information pertinent to the user and the login session.
- You use the user’s login information to further obtain an access token, which is like a pass you can use to access the user’s resources, like their profile information, their spreadsheets, documents and more.
OAuth: Show me the code
If you are like me, the first thing you want is working code. The code below is what you need. However, you’ll need to set up some things in your Google Cloud Console in order to get everything working. That will be covered in the next section. Create a new Replit App using the Flask template and put the following in main.py. The comments in the code explain what the individual parts do:
Set up your OAuth App / Client
To get the above code working, you’ll need to do these things in Google Cloud.
- Create a Google Cloud project (if you don’t already have one).
- Configure the OAuth consent screen.
- Create an OAuth client ID for your app.
Create a Google Cloud project
If you already have a Google Cloud project you want to use for this exercise, you can skip this step.
- Go to the Google Cloud Console.
- Click on the project selector drop-down next to the Google Cloud logo:

- Select an existing project or click “New Project” and create a new project.

- If creating a new project, enter a project name, and click “Create”.

Configure the OAuth consent screen
Now that you have a project, you can configure the OAuth consent screen for it:
- Go to the OAuth Consent Screen.

- Make sure the project in the project drop down is the one you want.
- Select “External” to allow any user to log in to your app with a Google account. “Internal” will allow only people from your organization.
- Click “Create”.
- Enter an app name and the email of the person supporting this app (you?)

- Enter an email address under “Developer contact information”.

- Click “Save and continue”.
- In the Scopes screen, you can add the APIs you want your app to have access to. You already have access to the APIs for getting basic user information.




Create an OAuth client ID for your app
This is the last part. To get OAuth working, you need to create an OAuth client ID for the app.
- Go to Credentials.

- Click “Create credentials”


- Now, go to your Flask Replit App. Open the shell, and enter: echo https://$REPLIT_DEV_DOMAIN/oauth2callback
  The result will look something like: https://81309e9b-c4df-48e0-a2c2-0a8d3c0e3162-00-35ppsa0tcuv6v.infra-staging.replit.dev/oauth2callback
  Copy this text and enter it as one of the “Authorized redirect URIs” at the bottom of the form.

https://YOUR_APP_DOMAIN/oauth2callback
- Click “Create”
- Click “Download JSON”:

- Go to your Replit App again, open the Secrets pane. Create a secret named GOOGLE_OAUTH_SECRETS, and paste the contents of the downloaded file as the secret value.
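
The redirect and callback steps from the introduction, sketched with only the Python standard library as an added example (not the tutorial's main.py). It shows the two checks the /oauth2callback handler depends on: the redirect URI must be one registered on the client ID, and the returned state must match the value issued for this session. SAMPLE_SECRETS is a constructed stand-in for the GOOGLE_OAUTH_SECRETS value, and build_login_redirect and read_callback are hypothetical helper names.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample in the shape of the "Download JSON" file; all values are placeholders.
SAMPLE_SECRETS = json.dumps({"web": {
    "client_id": "EXAMPLE_CLIENT_ID.apps.googleusercontent.com",
    "client_secret": "EXAMPLE_CLIENT_SECRET",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://oauth2.googleapis.com/token",
    "redirect_uris": ["https://YOUR_APP_DOMAIN/oauth2callback"],
}})


def build_login_redirect(secrets_json, redirect_uri, scopes):
    """Return (url, state) for the redirect to Google's login service."""
    web = json.loads(secrets_json)["web"]
    # Google only redirects back to URIs registered on the client ID.
    if redirect_uri not in web["redirect_uris"]:
        raise ValueError("not an authorized redirect URI: " + redirect_uri)
    state = secrets.token_urlsafe(32)  # unguessable; keep it in the user's session
    query = urlencode({
        "client_id": web["client_id"],
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),
        "state": state,
    })
    return web["auth_uri"] + "?" + query, state


def read_callback(callback_url, session_state):
    """Validate the request sent to /oauth2callback and return the code."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    # Reject callbacks that this browser session did not start (login CSRF).
    if not session_state or not hmac.compare_digest(
            returned.encode(), session_state.encode()):
        raise PermissionError("state mismatch")
    if "error" in params:  # for example, the user declined on the consent screen
        raise PermissionError("authorization failed: " + params["error"][0])
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]  # exchanged server-side at token_uri with client_secret
```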

Google Sheets API Setup
In order to add a Google API integration like Google Sheets, first you need to enable the API for the app. You can browse the available APIs. As an example, we’ll use Google Sheets.
- Go to the Google Sheets API listing page.
- Click “Enable”.
Google Sheets Integration: Show me the code
First, in the OAuth flow section of the original code, we leave everything the same, except add "https://www.googleapis.com/auth/spreadsheets.readonly" to the list of scopes:
googleapiclient.discovery library is to first create a Credentials object using the access token, and then use the build function to create a callable API object. For the sheets API it looks like:
- Added the production /oauth2callback URI to the “Authorized redirect URIs”.
- Go to the consent page and “Publish App”.