> ## Documentation Index
> Fetch the complete documentation index at: https://docs.replit.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Configure Google OAuth

> Set up Google as a social sign-in provider for your app's authentication

This guide walks you through creating a Google OAuth app in the Google Cloud Console. You'll collect a **Client ID** and **Client Secret**, plus configure the JavaScript origins and redirect URIs that Clerk requires.

<Note>
  This page covers only the provider-side setup in the Google Cloud Console. For the overall Clerk Auth flow — including enabling Google and entering credentials in the **Auth pane** — see [Configuring OAuth credentials for an SSO provider](/core-concepts/project-editor/auth-and-security/clerk-auth#configuring-oauth-credentials-for-an-sso-provider) in the Clerk Auth doc.
</Note>

## Prerequisites

* Access to the [Google Cloud Console](https://console.cloud.google.com/)
* A [published Replit app](/category/replit-deployments) — custom OAuth credentials are only available in the **Production** environment
* The **Google** provider's edit panel opened in: **Auth pane** → **Configure** tab → **SSO providers** section → select the **Production** environment → select **Edit** next to **Google**

## Step 1: Create a Google OAuth app

Navigate to the [Google Cloud Console](https://console.cloud.google.com/):

### Create or select a project

1. Select an existing project or create a new one from the project dropdown
2. You'll be redirected to your project's Dashboard

### Configure OAuth consent screen

1. In the left sidebar, select the menu icon (≡) and select **APIs & Services**
2. Select **OAuth consent screen**
3. Configure your app's consent screen with required information
4. Save your changes

### Create OAuth credentials

1. From **APIs & Services**, select **Credentials**
2. Select **Create Credentials** at the top, then select **OAuth client ID**
3. Choose **Web application** as the application type
4. Set **Authorized JavaScript origins** and **Authorized redirect URIs** to the exact values shown under **Provider setup** in the **Auth pane**. Add every value listed — your published domain and any custom domain are both included. See [Configuring OAuth credentials for an SSO provider](/core-concepts/project-editor/auth-and-security/clerk-auth#configuring-oauth-credentials-for-an-sso-provider) for how to find them.
5. Select **Create**
6. Save your **Client ID** and **Client Secret**

<Warning>
  Keep your Client Secret secure and never commit it to version control.
</Warning>

<Warning>
  Google sign-in does not work in embedded browsers or in-app webviews. Users must use a standard web browser.
</Warning>

## Troubleshooting

### Redirect URI mismatch

* Verify the redirect URI in Google Cloud Console exactly matches the value shown under **Provider setup** in the **Auth pane**
* Ensure there are no trailing slashes or typos
* Wait a few minutes for Google's configuration to propagate

### Invalid client

* Double-check Client ID and Client Secret are copied correctly
* Ensure there are no extra spaces
* Verify OAuth consent screen is configured

### Not working on custom domain

* Add the custom-domain entries shown under **Provider setup** in the **Auth pane** to both Authorized JavaScript origins and Authorized redirect URIs