> ## Documentation Index
> Fetch the complete documentation index at: https://danswer-mintlify-deep-research-1773355783.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Google OAuth

> Google OAuth authentication setup

Configure Onyx to use Google OAuth for user authentication,
providing a seamless login experience through existing Google accounts.

**Prerequisites:**

* [Google Cloud Console](https://console.cloud.google.com/) access
* Administrative permissions to configure OAuth applications

## Guide

<Steps>
  <Step title="Create Google Cloud Project">
    Navigate to the Google Cloud Console [Project Creation page](https://console.cloud.google.com/projectcreate)
    and fill in the required fields.

    <img className="rounded-image" src="https://mintcdn.com/danswer-mintlify-deep-research-1773355783/P_KuphfoQqWkjsLG/assets/deployment/gcc_project_creation.png?fit=max&auto=format&n=P_KuphfoQqWkjsLG&q=85&s=6946d25a83350d2af8f87b8f05f752c0" alt="Google Cloud Console Project Creation Page" width="1094" height="960" data-path="assets/deployment/gcc_project_creation.png" />
  </Step>

  <Step title="Enable Google People API">
    Navigate to **APIs & Services** and find [Google People
    API](https://console.cloud.google.com/apis/library/people.googleapis.com).

    Ensure your newly created project is selected in the top bar and click **Enable**.

    <img className="rounded-image" src="https://mintcdn.com/danswer-mintlify-deep-research-1773355783/P_KuphfoQqWkjsLG/assets/deployment/gcc_people_api.png?fit=max&auto=format&n=P_KuphfoQqWkjsLG&q=85&s=11dd5efa60374e72f4eb56a6f655a668" alt="Google Cloud Console People API Enable Page" width="1246" height="628" data-path="assets/deployment/gcc_people_api.png" />
  </Step>

  <Step title="Create Google Auth Platform">
    Open the left sidebar and navigate to **APIs & Services** → **OAuth Consent Screen**.

    Once on the **Overview** page, click **Get Started**.

    <img className="rounded-image" src="https://mintcdn.com/danswer-mintlify-deep-research-1773355783/P_KuphfoQqWkjsLG/assets/deployment/gcc_oauth_consent.png?fit=max&auto=format&n=P_KuphfoQqWkjsLG&q=85&s=41ffbbf4fce390781db0a6a908ee691a" alt="Google Cloud Console OAuth Consent Screen Page" width="1470" height="892" data-path="assets/deployment/gcc_oauth_consent.png" />
  </Step>

  <Step title="Configure OAuth Project & Consent Screen">
    Fill in the **App name** and **User support email** fields.

    Select your **Audience**. If you have a Google Workspace organization, select **Internal**. If not,
    select **External**.

    <Note>
      If you select **External**, you will need to add your users manually in the **Audience** tab under **Test users**.
    </Note>

    Fill in any other required fields and finalize the configuration.
  </Step>

  <Step title="Create OAuth Client">
    Navigate to **APIs & Services** → **OAuth Consent Screen** → **Clients** page.

    Click **"+ Create Client"** and select **Web Application**.

    <img className="rounded-image" src="https://mintcdn.com/danswer-mintlify-deep-research-1773355783/P_KuphfoQqWkjsLG/assets/deployment/gcc_oauth_client.png?fit=max&auto=format&n=P_KuphfoQqWkjsLG&q=85&s=fa2b56e26b37b5a75ef758fe36c31aad" alt="Google Cloud Console OAuth Client Creation Page" width="1918" height="600" data-path="assets/deployment/gcc_oauth_client.png" />
  </Step>

  <Step title="Configure OAuth Client">
    **Name:** `Onyx`

    **Authorized JavaScript origins** and **Authorized redirect URIs** depend on your deployment environment.

    If hosting Onyx locally use:

    ```
    http://localhost:3000
    http://localhost:3000/auth/oauth/callback
    ```

    If hosting Onyx on a custom domain use:

    ```
    https://YOUR_ONYX_DOMAIN.com
    https://YOUR_ONYX_DOMAIN.com/auth/oauth/callback
    ```

    <img className="rounded-image" src="https://mintcdn.com/danswer-mintlify-deep-research-1773355783/P_KuphfoQqWkjsLG/assets/deployment/gcc_oauth_client_details.png?fit=max&auto=format&n=P_KuphfoQqWkjsLG&q=85&s=e400a754e619e8e70935e94396f9b5e0" alt="Google Cloud Console OAuth Client Creation Page" width="1918" height="1966" data-path="assets/deployment/gcc_oauth_client_details.png" />

    <Tip>
      Make sure the URIs you enter here match the URI you use to access Onyx!
    </Tip>
  </Step>

  <Step title="Save OAuth Credentials">
    Click **Create** → **Download JSON** to save the OAuth client credentials. Alternatively,
    save the **Client ID** and **Client Secret** to a password or secrets manager.
  </Step>

  <Step title="Configure Onyx">
    Configure Onyx with the following environment variables in your `.env` or `values.yaml` file (Docker and Kubernetes,
    respectively).

    ```bash .env theme={null}
    AUTH_TYPE=google_oauth
    OAUTH_CLIENT_ID=YOUR_CLIENT_ID
    OAUTH_CLIENT_SECRET=YOUR_CLIENT_SECRET

    # If you are deploying to a custom domain, you will need to set the `WEB_DOMAIN` environment variable.
    WEB_DOMAIN=https://YOUR_ONYX_DOMAIN.com
    ```

    <Note>
      If you're using Docker but don't have a `.env` file,
      copy `onyx/deployment/docker_compose/env.prod.template` to a new `.env` file in the same directory.
    </Note>

    ```bash values.yaml theme={null}
    auth:
      secrets:
        OAUTH_CLIENT_ID: <CLIENT_ID_FROM_GOOGLE>
        OAUTH_CLIENT_SECRET:<CLIENT_SECRET_FROM_GOOGLE>
    configMap:
      AUTH_TYPE: google_oauth
    ```
  </Step>
</Steps>
