Google: OAuth2 single service

This document contains instructions for creating a Google credential for a single service. They're also available as a video.

Prerequisites

• Create a Google Cloud account.

Managed OAuth2

n8n Cloud users can use Managed OAuth2 for the following nodes:

• Google Calendar
• Google Calendar Trigger
• Google Contacts
• Google Docs
• Google Drive
• Google Drive Trigger
• Google Mail
• Google Mail Trigger
• Google Sheets
• Google Sheets Trigger
• Google Slides
• Google Tasks

To use Managed OAuth2, just click Sign in with Google in the credentials screen. No more setup is required in the Google Cloud Console or elsewhere.

If you prefer to use Custom OAuth2, use the dropdown to change the authentication type.

Custom OAuth2

Managed OAuth2 isn't available for self-hosted n8n users, nor for Google nodes not listed above. You must create a custom OAuth2 single service credential. This means creating an app in the Google Cloud Console and connecting it to n8n with a Client ID and Client Secret.

The rest of this document covers the full process.

Set up Custom OAuth2

There are five steps to connecting your n8n credential to Google services:

1. Create a Google Cloud Console project.
2. Enable APIs.
3. Configure your OAuth consent screen.
4. Create your Google OAuth client credentials.
5. Finish your n8n credential.

Create a Google Cloud Console project

First, create a Google Cloud Console project. If you already have a project, jump to the next section:

1. Log in to your Google Cloud Console using your Google credentials.
2. In the top menu, select the project dropdown in the top navigation and select New project or go directly to the New Project page.
3. Enter a Project name and select the location (Organization and/or Parent resource) for your project.
4. Select Create.

5. Check the top navigation and make sure the project dropdown has your project selected. If not, select the project you just created.

   

   Check the project dropdown in the Google Cloud top navigation

Enable APIs

With your project created, enable the APIs you'll need access to:

1. Access your Google Cloud Console - Library. Make sure you're in the correct project.

   

   Check the project dropdown in the Google Cloud top navigation

2. Go to APIs & Services > Library.
3. Search for and select the API(s) you want to enable. For example, for the Gmail node, search for and enable the Gmail API.

4. Some integrations require other APIs or require you to request access:

   • Google Perspective: Request API Access.
   • Google Ads: Get a Developer Token.

   Google Drive API required

   The following integrations require the Google Drive API, as well as their own API:

   • Google Docs
   • Google Sheets
   • Google Slides

   Google Vertex AI API

   In addition to the Vertex AI API you will also need to enable the Cloud Resource Manager API.

5. Select ENABLE.

Configure your OAuth consent screen

If you haven't used OAuth in your Google Cloud project before, you'll need to configure the OAuth consent screen:

1. Access your Google Cloud Console - Library. Make sure you're in the correct project.

   

   Check the project dropdown in the Google Cloud top navigation

2. Open the left navigation menu and go to APIs & Services > OAuth consent screen. Google will redirect you to the Google Auth Platform overview page.
3. Select Get started on the Overview tab to begin configuring OAuth consent.
4. Enter an App name and User support email to include on the Oauth screen. Select Next to continue.
5. For the Audience, select Internal for user access within your organization's Google workspace or External for any user with a Google account. Refer to Google's User type documentation for more information on user types. Select Next to continue.

Testing mode and test users

If you select External, your app will default to Testing mode. In this mode, only Google accounts you manually add as test users can complete the OAuth flow — everyone else will see an "access denied" screen. See Google hasn't verified this app to learn how to add them.

1. Select the Email addresses Google should use to contact you about changes to your project. Select Next to continue.
2. Read and accept the Google's User Data Policy. Select Continue and then select Create.
3. In the left-hand menu, select Branding.
4. In the Authorized domains section, select Add domain:
   • If you're using n8n's Cloud service, add n8n.cloud
   • If you're self-hosting, add the domain of your n8n instance.
5. Select Save at the bottom of the page.

Create your Google OAuth client credentials

Next, create the OAuth client credentials in Google:

1. Access your Google Cloud Console. Make sure you're in the correct project.
2. In the APIs & Services section, select Credentials.
3. Select + Create credentials > OAuth client ID.
4. In the Application type dropdown, select Web application.
5. Google automatically generates a Name. Update the Name to something you'll recognize in your console.
6. From your n8n credential, copy the OAuth Redirect URL. Paste it into the Authorized redirect URIs in Google Console.

OAuth redirect URL for self-hosting

If you're running n8n on your local machine, you don't need a public domain, SSL certificate, or port forwarding to use Google OAuth. Google allows localhost as a valid redirect URI for development purposes. Your n8n OAuth redirect URL will look something like this: http://localhost:5678/rest/oauth2-credential/callback For more details on acceptable redirect URIs, refer to Google's redirect URI documentation.

1. Select Create.

Finish your n8n credential

With the Google project and credentials fully configured, finish the n8n credential:

1. From Google's OAuth client created modal, copy the Client ID. Enter this in your n8n credential.
2. From the same Google modal, copy the Client Secret. Enter this in your n8n credential.
3. In n8n, select Sign in with Google to complete your Google authentication.
4. Save your new credentials.

Video

Troubleshooting

Google hasn't verified this app

If using the OAuth authentication method, you might see the warning Google hasn't verified this app. To avoid this:

• If your app User Type is Internal, create OAuth credentials from the same account you want to authenticate.
• If your app User Type is External, you can add your email to the list of testers for the app: go to the Audience page and add the email you're signing in with to the list of Test users.

If you need to use credentials generated by another account (by a developer or another third party), follow the instructions in Google Cloud documentation | Authorization errors: Google hasn't verified this app.

Google Cloud app becoming unauthorized

For Google Cloud apps with Publishing status set to Testing and User type set to External, consent and tokens expire after seven days. Refer to Google Cloud Platform Console Help | Setting up your OAuth consent screen for more information. To resolve this, reconnect the app in the n8n credentials modal.

redirect_uri_mismatch

This error means the redirect URI n8n is sending doesn't match any of the URIs registered in your Google Cloud Console OAuth client.

Fix: Copy the OAuth Redirect URL from your n8n credential panel and paste it exactly — including the protocol (http or https) and port number — into the Authorized redirect URIs field of your Google OAuth client.

Access denied / "app not verified"

This usually happens when your app is still in Testing mode and the Google account you're trying to authenticate with hasn't been added as a test user.

Fix: Go to APIs & Services > OAuth consent screen > Test users and add the account you're trying to use.

invalid_client

This error typically means the Client ID or Client Secret in your n8n credential doesn't match what's in Google Cloud Console.

Fix: Go back to your OAuth client in Google Cloud Console, copy both values fresh, and re-enter them in n8n. Watch out for accidental spaces when copying.

Chat with the docs

This page was Helpful Not helpful

Thanks for your feedback!

Submit