# Google OAuth setup In order to connect Google accounts to Aurinko through OAuth2 authentication you'll need to create your own Google Project and OAuth client ID. You will configure Aurinko to use this client ID. If you have any trouble creating a Google Project and OAuth client ID, get in touch with [support@aurinko.io](mailto:mailto:support@aurinko.io) and we'd be happy to help you out! ### **Create a Google Project** *** To get started, head over to . You will be prompted to log in with a Google account if you're not already logged in with one. If you don't have a Google account, you can create one at . Use the selector at the top (next to the Google logo) and click the 'NEW PROJECT' button in the popup window that opens.

Name your project and click **"CREATE"**.

It may take up to a minute or two for Google to finish creating the project. ### **Enable APIs** *** Click the **"ENABLE APIS AND SERVICES"** button.

You'll be presented with the following search box:

Type "gmail" into the search box and click on the **"Gmail API"** card once it appears.

Click the large blue "**ENABLE"** button next to the Gmail logo.

You'll find yourself on the following page. Click the search box in the center of the top bar.

Type "calendar" and click on **"Google Calendar API"** once it appears.

Click **"ENABLE"** for the Google Calendar API.

In the similar manner find and enable Contacts API, Google People API, and Tasks API. ### **Configure OAuth consent screen** *** The last step to do in the Google Developer Console is to create a credential for OAuth, starting with configuring the consent screen. Click the **"CREATE CREDENTIALS"** button.

On the next screen, click "client ID".

Then click **"Configure consent screen"**.

Choose "Internal" or "External" user type. An "Internal" user type Google application will only allow access to users from your organization ( `@your-organization.com`). This type of application allows you to entirely skip the App Verification and Security Review processes required by Google for public-access applications, but limits which accounts can authenticate to your application.

On the following page, fill out the "Application name" field.

You'll need to determine what Google scopes you add to your consent screen based on your application's behavior. Please reference this mapping to see how Aurinko scopes will map to Google scopes during the authentication process: | Aurinko scope | Google API permission | | -------------------- | -------------------------------------------------------------------------------------------------------- | | `Mail.ReadOnly` | [`https://www.googleapis.com/auth/gmail.readonly`](https://www.googleapis.com/auth/gmail.readonly) | | `Mail.ReadWrite` | [`https://www.googleapis.com/auth/gmail.modify`](https://www.googleapis.com/auth/gmail.modify) | | `Mail.Draft` | [`https://www.googleapis.com/auth/gmail.compose`](https://www.googleapis.com/auth/gmail.compose) | | `Mail.Send` | [`https://www.googleapis.com/auth/gmail.send`](https://www.googleapis.com/auth/gmail.send) | | `Calendar.ReadOnly` | [`https://www.googleapis.com/auth/calendar.readonly`](https://www.googleapis.com/auth/calendar.readonly) | | `Calendar.ReadWrite` | [`https://www.googleapis.com/auth/calendar`](https://www.googleapis.com/auth/calendar) | | `Contacts.ReadOnly` | [`https://www.googleapis.com/auth/contacts.readonly`](https://www.googleapis.com/auth/contacts.readonly) | | `Contacts.ReadWrite` | [`https://www.googleapis.com/auth/contacts`](https://www.googleapis.com/auth/contacts) | | `Tasks.ReadOnly` | [`https://www.googleapis.com/auth/tasks.readonly`](https://www.googleapis.com/auth/tasks.readonly) | | `Tasks.ReadWrite` | [`https://www.googleapis.com/auth/tasks`](https://www.googleapis.com/auth/tasks) | Then add all required Google scopes, i.e. gmai.modify, gmail.send, calendar, contacts, tasks.

Finally, add your app's domain to the "Authorized domains" field.

Scroll down to the bottom of the page and click the blue "Save" button! ### **Create an OAuth credential** *** Click **"Create credentials"** and select **"OAuth client ID"** from the drop-down menu.

Fill out the form choosing the appropriate application type based on your application, and be sure to read the article regarding redirect URIs.

Then click the blue "Create" button at the bottom of the screen. You'll be presented with a page that shows your new OAuth client ID and Secret. Keep the page open, as you'll need the credentials in the next step. ### **Configure Aurinko to use your Google OAuth credentials** *** Head on over to [Aurinko portal](https://app.aurinko.io/) and log in. Select your app at the top, choose Settings menu and switch to the GOOGLE tab.

Copy-paste your Google OAuth client ID and Secret from the Google Developer Console and click "Save". **You are now all set to start connecting Google accounts to Aurinko!** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.aurinko.io/authentication/google-oauth-setup.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.