bd0df408a5
- Step-by-step Google Cloud Console configuration - Supabase Dashboard provider setup instructions - Environment variables section - Test integration checklist - Troubleshooting guide for common errors - Security notes and best practices - Local vs production comparison table Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
3.6 KiB
Google OAuth Setup Guide
This guide explains how to configure Google OAuth for Leopost.
Prerequisites
- Google Cloud account
- Supabase project created
- Access to Supabase Dashboard
Step 1: Google Cloud Console Setup
-
Go to Google Cloud Console
-
Create a new project or select existing one
-
Navigate to APIs & Services > Credentials
-
Click Create Credentials > OAuth client ID
-
If prompted, configure the OAuth consent screen:
- User Type: External
- App name: Leopost
- User support email: your email
- Developer contact: your email
- Scopes: email, profile, openid (default)
-
Create OAuth Client ID:
- Application type: Web application
- Name: Leopost Web Client
-
Add Authorized JavaScript origins:
http://localhost:3000 https://your-production-domain.com -
Add Authorized redirect URIs:
https://<your-project-ref>.supabase.co/auth/v1/callbackFind your project ref in Supabase Dashboard > Project Settings > General
-
Click Create and save the Client ID and Client Secret
Step 2: Supabase Configuration
-
Go to Supabase Dashboard
-
Select your project
-
Navigate to Authentication > Providers
-
Find Google and click to enable
-
Enter:
- Client ID: From Google Cloud Console
- Client Secret: From Google Cloud Console
-
Copy the Callback URL shown (should match what you entered in Google)
-
Click Save
Step 3: Environment Variables
No additional environment variables needed for Google OAuth. The configuration is stored in Supabase Dashboard.
Your existing .env.local should have:
NEXT_PUBLIC_SUPABASE_URL=your-project-url
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-key
Step 4: Test the Integration
-
Start development server:
npm run dev -
Click "Accedi con Google"
-
You should be redirected to Google consent screen
-
After consent, you should return to the app authenticated
-
Check Supabase Dashboard > Authentication > Users to verify user was created
Troubleshooting
"redirect_uri_mismatch" error
The redirect URI in Google Console doesn't match Supabase's callback URL.
- Verify the exact URL in Supabase Auth Providers matches Google Console
- Check for trailing slashes
- Ensure using HTTPS for Supabase callback
"Access blocked: This app's request is invalid"
OAuth consent screen not configured or not published.
- Configure OAuth consent screen in Google Cloud Console
- For testing, add your email as a test user
- For production, submit for verification
User created but profile missing
The database trigger might not have fired.
- Check if
on_auth_user_createdtrigger exists - Verify
handle_new_userfunction has correct permissions - Check Supabase logs for errors
Session not persisting
Middleware might not be refreshing sessions.
- Ensure middleware.ts is in project root
- Check middleware matcher includes auth routes
- Verify cookies are being set correctly
Security Notes
- Never commit Client Secret to version control
- For production, publish OAuth consent screen for verification
- Use a separate OAuth client for production vs development
- Regularly rotate Client Secrets
Local Development vs Production
| Setting | Local | Production |
|---|---|---|
| JavaScript origins | http://localhost:3000 | https://your-domain.com |
| Redirect URI | Same Supabase callback | Same Supabase callback |
| Consent screen | Testing mode | Published/Verified |
| Test users | Your email added | Not needed |