Google: OAuth2 generic

This document contains instructions for creating a generic OAuth2 Google credential for use with custom operations.

Note

Note for n8n Cloud users For the following nodes, you can authenticate by selecting Sign in with Google in the OAuth section:

Prerequisites

Set up OAuth

There are five steps to connecting your n8n credential to Google services:

  1. Create a Google Cloud Console project.

  2. Enable APIs.

  3. Configure your OAuth consent screen.

  4. Create your Google OAuth client credentials.

  5. Finish your n8n credential.

Create a Google Cloud Console project

First, create a Google Cloud Console project. If you already have a project, jump to the next section:

  1. Log in to your Google Cloud Console using your Google credentials.

  2. In the top menu, select the project dropdown in the top navigation and select New project or go directly to the New Project page.

  3. Enter a Project name and select the Location for your project.

  4. Select Create.

  5. Check the top navigation and make sure the project dropdown has your project selected. If not, select the project you just created.

    ![The project dropdown in the Google Cloud top navigation](/_images/integrations/builtin/credentials/google/google-cloud-project-dropdown.png)
    Check the project dropdown in the Google Cloud top navigation

Enable APIs

With your project created, enable the APIs you’ll need access to:

  1. Access your Google Cloud Console - Library. Make sure you’re in the correct project.

    ![The project dropdown in the Google Cloud top navigation](/_images/integrations/builtin/credentials/google/google-cloud-project-dropdown.png)
    Check the project dropdown in the Google Cloud top navigation

  2. Go to APIs & Services > Library.

  3. Search for and select the API(s) you want to enable. For example, for the Gmail node, search for and enable the Gmail API.

  4. Some integrations require other APIs or require you to request access:

    Note

    Google Drive API required The following integrations require the Google Drive API, as well as their own API:

    • Google Docs

    • Google Sheets

    • Google Slides

    Note

    Google Vertex AI API In addition to the Vertex AI API you will also need to enable the Cloud Resource Manager API.

  5. Select ENABLE.

Create your Google OAuth client credentials

Next, create the OAuth client credentials in Google:

  1. Access your Google Cloud Console. Make sure you’re in the correct project.

  2. In the APIs & Services section, select Credentials.

  3. Select + Create credentials > OAuth client ID.

  4. In the Application type dropdown, select Web application.

  5. Google automatically generates a Name. Update the Name to something you’ll recognize in your console.

  6. From your n8n credential, copy the OAuth Redirect URL. Paste it into the Authorized redirect URIs in Google Console.

  7. Select Create.

Finish your n8n credential

With the Google project and credentials fully configured, finish the n8n credential:

  1. From Google’s OAuth client created modal, copy the Client ID. Enter this in your n8n credential.

  2. From the same Google modal, copy the Client Secret. Enter this in your n8n credential.

  3. You must provide the scopes for this credential. Refer to Scopes for more information. Enter multiple scopes in a space-separated list, for example:

    https://www.googleapis.com/auth/gmail.labels https://www.googleapis.com/auth/gmail.addons.current.action.compose

  4. In n8n, select Sign in with Google to complete your Google authentication.

  5. Save your new credentials.

Video

The following video demonstrates the steps described above:

Scopes

Google services have one or more possible access scopes. A scope limits what a user can do. Refer to OAuth 2.0 Scopes for Google APIs for a list of scopes for all services.

n8n doesn’t support all scopes. When creating a generic Google OAuth2 API credential, you can enter scopes from the Supported scopes list below. If you enter a scope that n8n doesn’t already support, it won’t work.

??? Details “Supported scopes” | Service | Available scopes | |————————————–|——————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————–| | Gmail |

  • https://www.googleapis.com/auth/gmail.labels
  • https://www.googleapis.com/auth/gmail.addons.current.action.compose
  • https://www.googleapis.com/auth/gmail.addons.current.message.action
  • https://mail.google.com/
  • https://www.googleapis.com/auth/gmail.modify
  • https://www.googleapis.com/auth/gmail.compose
| | Google Ads |
  • https://www.googleapis.com/auth/adwords
| | Google Analytics |
  • https://www.googleapis.com/auth/analytics
  • https://www.googleapis.com/auth/analytics.readonly
| | Google BigQuery |
  • https://www.googleapis.com/auth/bigquery
| | Google Books |
  • https://www.googleapis.com/auth/books
| | Google Calendar |
  • https://www.googleapis.com/auth/calendar
  • https://www.googleapis.com/auth/calendar.events
| | Google Cloud
Natural Language |
  • https://www.googleapis.com/auth/cloud-language
  • https://www.googleapis.com/auth/cloud-platform
| | Google Cloud
Storage |
  • https://www.googleapis.com/auth/cloud-platform
  • https://www.googleapis.com/auth/cloud-platform.read-only
  • https://www.googleapis.com/auth/devstorage.full_control
  • https://www.googleapis.com/auth/devstorage.read_only
  • https://www.googleapis.com/auth/devstorage.read_write
| | Google Contacts |
  • https://www.googleapis.com/auth/contacts
| | Google Docs |
  • https://www.googleapis.com/auth/documents
  • https://www.googleapis.com/auth/drive
  • https://www.googleapis.com/auth/drive.file
| | Google Drive |
  • https://www.googleapis.com/auth/drive
  • https://www.googleapis.com/auth/drive.appdata
  • https://www.googleapis.com/auth/drive.photos.readonly
| | Google Firebase
Cloud Firestore |
  • https://www.googleapis.com/auth/datastore
  • https://www.googleapis.com/auth/firebase
| | Google Firebase
Realtime Database |
  • https://www.googleapis.com/auth/userinfo.email
  • https://www.googleapis.com/auth/firebase.database
  • https://www.googleapis.com/auth/firebase
| | Google Perspective |
  • https://www.googleapis.com/auth/userinfo.email
| | Google Sheets |
  • https://www.googleapis.com/auth/drive.file
  • https://www.googleapis.com/auth/spreadsheets
| | Google Slide |
  • https://www.googleapis.com/auth/drive.file
  • https://www.googleapis.com/auth/presentations
| | Google Tasks |
  • https://www.googleapis.com/auth/tasks
| | Google Translate |
  • https://www.googleapis.com/auth/cloud-translation
| | GSuite Admin |
  • https://www.googleapis.com/auth/admin.directory.group
  • https://www.googleapis.com/auth/admin.directory.user
  • https://www.googleapis.com/auth/admin.directory.domain.readonly
  • https://www.googleapis.com/auth/admin.directory.userschema.readonly
|

Troubleshooting

Google hasn’t verified this app

If using the OAuth authentication method, you might see the warning Google hasn’t verified this app. To avoid this:

  • If your app User Type is Internal, create OAuth credentials from the same account you want to authenticate.

  • If your app User Type is External, you can add your email to the list of testers for the app: go to the Audience page and add the email you’re signing in with to the list of Test users.

If you need to use credentials generated by another account (by a developer or another third party), follow the instructions in Google Cloud documentation | Authorization errors: Google hasn’t verified this app.

Google Cloud app becoming unauthorized

For Google Cloud apps with Publishing status set to Testing and User type set to External, consent and tokens expire after seven days. Refer to Google Cloud Platform Console Help | Setting up your OAuth consent screen for more information. To resolve this, reconnect the app in the n8n credentials modal.