> For the complete documentation index, see [llms.txt](https://docs.n8n.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.n8n.io/integrations/builtin/credentials/google/oauth-single-service.md).

# Google OAuth2 single service

This document contains instructions for creating a Google credential for a single service. They're also available as a [video](#video).

## Prerequisites <a href="#prerequisites" id="prerequisites"></a>

* Create a [Google Cloud](https://cloud.google.com/) account.

## Managed OAuth2 <a href="#managed-oauth2" id="managed-oauth2"></a>

n8n Cloud users can use **Managed OAuth2** for the following nodes:

* [Google Calendar](/integrations/builtin/app-nodes/n8n-nodes-base.googlecalendar.md)
* [Google Calendar Trigger](/integrations/builtin/trigger-nodes/n8n-nodes-base.googlecalendartrigger.md)
* [Google Contacts](/integrations/builtin/app-nodes/n8n-nodes-base.googlecontacts.md)
* [Google Docs](/integrations/builtin/app-nodes/n8n-nodes-base.googledocs.md)
* [Google Drive](/integrations/builtin/app-nodes/n8n-nodes-base.googledrive.md)
* [Google Drive Trigger](/integrations/builtin/trigger-nodes/n8n-nodes-base.googledrivetrigger.md)
* [Google Mail](/integrations/builtin/app-nodes/n8n-nodes-base.gmail.md)
* [Google Mail Trigger](/integrations/builtin/trigger-nodes/n8n-nodes-base.gmailtrigger.md)
* [Google Sheets](/integrations/builtin/app-nodes/n8n-nodes-base.googlesheets.md)
* [Google Sheets Trigger](/integrations/builtin/trigger-nodes/n8n-nodes-base.googlesheetstrigger.md)
* [Google Slides](/integrations/builtin/app-nodes/n8n-nodes-base.googleslides.md)
* [Google Tasks](/integrations/builtin/app-nodes/n8n-nodes-base.googletasks.md)

To use **Managed OAuth2**, just click **Sign in with Google** in the credentials screen. No more setup is required in the Google Cloud Console or elsewhere.

![Managed OAuth2 credentials screen](/files/NSoxUqDJR1RpP8Le5Eck)

If you prefer to use Custom OAuth2, use the dropdown to change the authentication type.

## Custom OAuth2 <a href="#custom-oauth2" id="custom-oauth2"></a>

Managed OAuth2 isn't available for self-hosted n8n users, nor for Google nodes not listed [above](#managed-oauth2). You must create a custom OAuth2 single service credential. This means creating an app in the Google Cloud Console and connecting it to n8n with a Client ID and Client Secret.

The rest of this document covers the full process.

## Set up Custom OAuth2 <a href="#set-up-custom-oauth2" id="set-up-custom-oauth2"></a>

There are five steps to connecting your n8n credential to Google services:

1. [Create a Google Cloud Console project](#create-a-google-cloud-console-project).
2. [Enable APIs](#enable-apis).
3. [Configure your OAuth consent screen](#configure-your-oauth-consent-screen).
4. [Create your Google OAuth client credentials](#create-your-google-oauth-client-credentials).
5. [Finish your n8n credential](#finish-your-n8n-credential).

### Create a Google Cloud Console project <a href="#create-a-google-cloud-console-project" id="create-a-google-cloud-console-project"></a>

First, create a Google Cloud Console project. If you already have a project, jump to the [next section](#enable-apis):

1. Log in to your [Google Cloud Console](https://console.cloud.google.com) using your Google credentials.
2. In the top menu, select the project dropdown in the top navigation and select **New project** or go directly to the [New Project](https://console.cloud.google.com/projectcreate) page.
3. Enter a **Project name** and select the location (**Organization** and/or **Parent resource**) for your project.
4. Select **Create**.
5. Check the top navigation and make sure the project dropdown has your project selected. If not, select the project you just created.

   <figure><img src="/spaces/GixZThfitWP21x2gQFpD/files/SIczcbm1o57cZqkHOrDn" alt=""><figcaption><p>Check the project dropdown in the Google Cloud top navigation</p></figcaption></figure>

### Enable APIs <a href="#enable-apis" id="enable-apis"></a>

With your project created, enable the APIs you'll need access to:

1. Access your [Google Cloud Console - Library](https://console.cloud.google.com/apis/library). Make sure you're in the correct project.

   <figure><img src="/spaces/GixZThfitWP21x2gQFpD/files/SIczcbm1o57cZqkHOrDn" alt=""><figcaption><p>Check the project dropdown in the Google Cloud top navigation</p></figcaption></figure>
2. Go to **APIs & Services > Library**.
3. Search for and select the API(s) you want to enable. For example, for the Gmail node, search for and enable the Gmail API.
4. Some integrations require other APIs or require you to request access:<br>

   * Google Perspective: [Request API Access](https://developers.perspectiveapi.com/s/docs-get-started).
   * Google Ads: Get a [Developer Token](https://developers.google.com/google-ads/api/docs/first-call/dev-token).

   <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p><strong>Google Drive API required</strong></p><p>The following integrations require the Google Drive API, as well as their own API:</p><ul><li>Google Docs</li><li>Google Sheets</li><li>Google Slides</li></ul></div>

   <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p><strong>Google Vertex AI API</strong></p><p>In addition to the Vertex AI API you will also need to enable the <a href="https://console.cloud.google.com/apis/api/cloudresourcemanager.googleapis.com/">Cloud Resource Manager API</a>.</p></div>
5. Select **ENABLE**.

### Configure your OAuth consent screen <a href="#configure-your-oauth-consent-screen" id="configure-your-oauth-consent-screen"></a>

If you haven't used OAuth in your Google Cloud project before, you'll need to [configure the OAuth consent screen](https://developers.google.com/workspace/guides/configure-oauth-consent):

1. Access your [Google Cloud Console - Library](https://console.cloud.google.com/apis/library). Make sure you're in the correct project.

   <figure><img src="/files/A6MajDseg81jSlXP8HXx" alt=""><figcaption><p>Check the project dropdown in the Google Cloud top navigation</p></figcaption></figure>
2. Open the left navigation menu and go to **APIs & Services > OAuth consent screen**. Google will redirect you to the Google Auth Platform overview page.
3. Select **Get started** on the **Overview** tab to begin configuring OAuth consent.
4. Enter an **App name** and **User support email** to include on the Oauth screen. Select **Next** to continue.
5. For the **Audience**, select **Internal** for user access within your organization's Google workspace or **External** for any user with a Google account. Refer to Google's [User type documentation](https://support.google.com/cloud/answer/15549945?sjid=17061891731152303663-EU#user-type) for more information on user types. Select **Next** to continue.<br>

   <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p><strong>Testing mode and test users</strong></p><p>If you select <strong>External</strong>, your app will default to Testing mode. In this mode, only Google accounts you manually add as test users can complete the OAuth flow — everyone else will see an "access denied" screen. See <a href="#google-hasnt-verified-this-app">Google hasn't verified this app</a> to learn how to add them.</p></div>
6. Select the **Email addresses** Google should use to contact you about changes to your project. Select **Next** to continue.
7. Read and accept the Google's User Data Policy. Select **Continue** and then select **Create**.
8. In the left-hand menu, select **Branding**.
9. In the **Authorized domains** section, select **Add domain**:
   * If you're using n8n's Cloud service, add `n8n.cloud`
   * If you're [self-hosting](/deploy/host-n8n.md), add the domain of your n8n instance.
10. Select **Save** at the bottom of the page.

### Create your Google OAuth client credentials <a href="#create-your-google-oauth-client-credentials" id="create-your-google-oauth-client-credentials"></a>

Next, create the OAuth client credentials in Google:

1. Access your [Google Cloud Console](https://console.cloud.google.com/). Make sure you're in the correct project.
2. In the **APIs & Services** section, select [**Credentials**](https://console.cloud.google.com/apis/credentials).
3. Select **+ Create credentials** > **OAuth client ID**.
4. In the **Application type** dropdown, select **Web application**.
5. Google automatically generates a **Name**. Update the **Name** to something you'll recognize in your console.
6. From your n8n credential, copy the **OAuth Redirect URL**. Paste it into the **Authorized redirect URIs** in Google Console.<br>

   <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p><strong>OAuth redirect URL for self-hosting</strong></p><p>If you're running n8n on your local machine, you don't need a public domain, SSL certificate, or port forwarding to use Google OAuth. Google allows localhost as a valid redirect URI for development purposes. Your n8n OAuth redirect URL will look something like this: <code>http://localhost:5678/rest/oauth2-credential/callback</code> For more details on acceptable redirect URIs, refer to <a href="https://support.google.com/cloud/answer/15549257?hl=en#zippy=%2Cweb-applications">Google's redirect URI documentation</a>.</p></div>
7. Select **Create**.

### Finish your n8n credential <a href="#finish-your-n8n-credential" id="finish-your-n8n-credential"></a>

With the Google project and credentials fully configured, finish the n8n credential:

1. From Google's **OAuth client created** modal, copy the **Client ID**. Enter this in your n8n credential.
2. From the same Google modal, copy the **Client Secret**. Enter this in your n8n credential.
3. In n8n, select **Sign in with Google** to complete your Google authentication.
4. **Save** your new credentials.

## Video <a href="#video" id="video"></a>

{% embed url="<https://www.youtube.com/embed/FBGtpWMTppw>" %}

## Troubleshooting <a href="#troubleshooting" id="troubleshooting"></a>

### Google hasn't verified this app <a href="#google-hasnt-verified-this-app" id="google-hasnt-verified-this-app"></a>

If using the OAuth authentication method, you might see the warning **Google hasn't verified this app**. To avoid this:

* If your app **User Type** is **Internal**, create OAuth credentials from the same account you want to authenticate.
* If your app **User Type** is **External**, you can add your email to the list of testers for the app: go to the [**Audience** ](https://console.cloud.google.com/auth/audience)page and add the email you're signing in with to the list of **Test users**.

If you need to use credentials generated by another account (by a developer or another third party), follow the instructions in [Google Cloud documentation | Authorization errors: Google hasn't verified this app](https://developers.google.com/nest/device-access/reference/errors/authorization#google_hasnt_verified_this_app).

### Google Cloud app becoming unauthorized <a href="#google-cloud-app-becoming-unauthorized" id="google-cloud-app-becoming-unauthorized"></a>

For Google Cloud apps with **Publishing status** set to **Testing** and **User type** set to **External**, consent and tokens expire after seven days. Refer to [Google Cloud Platform Console Help | Setting up your OAuth consent screen](https://support.google.com/cloud/answer/10311615?hl=en#zippy=%2Ctesting) for more information. To resolve this, reconnect the app in the n8n credentials modal.

### redirect\_uri\_mismatch <a href="#redirecturimismatch" id="redirecturimismatch"></a>

This error means the redirect URI n8n is sending doesn't match any of the URIs registered in your Google Cloud Console OAuth client.

**Fix:** Copy the **OAuth Redirect URL** from your n8n credential panel and paste it exactly — including the protocol (`http` or `https`) and port number — into the **Authorized redirect URIs** field of your Google OAuth client.

### Access denied / "app not verified" <a href="#access-denied-app-not-verified" id="access-denied-app-not-verified"></a>

This usually happens when your app is still in Testing mode and the Google account you're trying to authenticate with hasn't been added as a test user.

**Fix:** Go to **APIs & Services** > **OAuth consent screen** > **Test users** and add the account you're trying to use.

### invalid\_client <a href="#invalidclient" id="invalidclient"></a>

This error typically means the Client ID or Client Secret in your n8n credential doesn't match what's in Google Cloud Console.

**Fix:** Go back to your OAuth client in Google Cloud Console, copy both values fresh, and re-enter them in n8n. Watch out for accidental spaces when copying.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.n8n.io/integrations/builtin/credentials/google/oauth-single-service.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.