Skip to content
nexusprism.org Community Extensions
Nexus Nexus

Google OAuth

Google OAuth lets members sign in to your forum using their Google account. The setup involves Google Cloud Console and takes about ten minutes.

Step 1 — Create a Google Cloud project

Section titled “Step 1 — Create a Google Cloud project”

Go to console.cloud.google.com and create a new project, or select an existing one.

In the left sidebar, navigate to APIs & Services → OAuth consent screen (now called Google Auth Platform in newer versions of the console).

Step 2 — Configure the consent screen (Branding)

Section titled “Step 2 — Configure the consent screen (Branding)”

On the Branding page:

  1. Set App name to your forum name
  2. Set User support email to your email address
  3. Under App domain, set Application home page to https://your-forum-domain.com
  4. Under Authorized domains, click + Add domain and enter your-root-domain.com — just the bare domain, no https:// prefix, no subdomain. For example: nexusprism.org. Google covers all subdomains automatically.
  5. Add your email to Developer contact information
  6. Click Save

Step 3 — Set the audience

Section titled “Step 3 — Set the audience”

Click Audience in the left sidebar.

  • If this forum is for the public, select External
  • If this forum is internal and only for Google Workspace accounts in your organisation, select Internal

For External apps in Testing status, add any email addresses that should be able to test sign-in under Test users. Users not on this list won’t be able to sign in until the app is published.

To allow anyone to sign in, click Publish app to move out of Testing status. Google may require verification before publishing if you have a logo or sensitive scopes configured.

Click Save.

Step 4 — Create the OAuth client

Section titled “Step 4 — Create the OAuth client”

Click Clients in the left sidebar, then + Create Client:

  1. Set Application type to Web application
  2. Give it a name (e.g. your forum name)
  3. Under Authorised redirect URIs, click + Add URI and enter: 
    https://your-forum-domain.com/api/v1/auth/oauth/google/callback
  4. Click Create

Google will display your Client ID and Client Secret. Copy both — the secret is shown here but you can retrieve it again from the client settings if needed.

Step 5 — Configure Nexus

Section titled “Step 5 — Configure Nexus”

In your forum’s admin panel go to Admin → Integrations:

  1. Enable Sign in with Google
  2. Paste your Client ID (ends in .apps.googleusercontent.com)
  3. Paste your Client Secret (starts with GOCSPX-)
  4. Click Save

Google sign-in will appear on the login and registration pages immediately.

Troubleshooting

Section titled “Troubleshooting”

“Access blocked: app is in testing” error Your app is in Testing status and the user’s email isn’t on the test users list. Add them under Audience → Test users, or publish the app.

“redirect_uri_mismatch” error from Google The redirect URI in your OAuth client doesn’t match what Nexus is sending. Check that the Authorised redirect URI is exactly https://your-forum-domain.com/api/v1/auth/oauth/google/callback with no trailing slash.

“Invalid domain” error when adding authorized domain Enter only the bare root domain without https:// — for example nexusprism.org, not https://meta.nexusprism.org.

Sign-in works for some users but not others Your app is likely still in Testing status. Either add the users to the test users list or publish the app.