By configuring social login providers, your application users can conveniently log in or register using their own Google accounts without needing to remember additional passwords. RootAuth currently supports Google login and provides two configuration methods: Shared Credentials (for testing) and Custom Credentials (for production environments).
Path: Log in to the RootAuth console → Navigate to the target application → Click Configuration in the top navigation bar → Select Application Management – Authentication Configuration → Choose Providers
1. Feature Overview
RootAuth's social login feature enables you to quickly integrate Google account login, enhancing the user experience. The system provides two configuration methods:
-
Shared RootAuth Credentials: No need to apply for OAuth credentials yourself; can be used directly for testing to quickly experience the Google login process.
-
Custom Credentials: You need to go to the Google Cloud Console to apply for your own OAuth Client ID and Secret. Suitable for production environments, providing full brand control and higher security.
2. Applying for a Google OAuth Client Account
To integrate Google login into your application, you first need to create an OAuth 2.0 client in the Google Cloud Console. Follow the steps below (skip if you are already familiar).
Step 1: Access the Google Cloud Console
Open the Google Cloud Console and log in with your Google account. If you don't have an account, please register first.
Step 2: Create or Select a Project
At the top of the console, click the project dropdown menu. Select an existing project or click "New Project" to create a new one, filling in the project name and other information. Ensure the current context is the project you intend to use.
Step 3: Navigate to "APIs & Services" > "Credentials"
In the left navigation menu, select "APIs & Services", then click "Credentials".
Step 4: Configure the OAuth Consent Screen (If First Time Use)
On the "Credentials" page, if prompted to "Configure Consent Screen", click it. If it indicates that the Google Auth Platform is not yet configured, click "Get Started".
You will enter the project configuration page. Fill in the necessary information, such as:
-
App name
-
User support email
-
Audience (select "External" for general applications)
-
Developer contact information
Then click "Create".
Step 5: Create an OAuth Client
On the "Overview" page, click "Create OAuth Client ID" and configure the relevant information.
The system will prompt you to select an application type. For most web applications, choose "Web Application" and fill in the following information:
-
Name: Give your client an easily identifiable name, e.g., "My Application - Web".
-
Authorized JavaScript origins: Add your application's frontend domain (e.g.,
https://yourdomain.com) and local development addresses (e.g.,http://localhost:3000). This helps prevent cross-site request forgery. -
Authorized redirect URIs: This is the address Google redirects to after user authorization. You need to fill in the redirect URI obtained from the RootAuth console. Ensure this is entered accurately; otherwise, the authorization flow will fail.
Step 6: Create and Obtain Credentials
Click the "Create" button. A popup will immediately display your Client ID and Client Secret. Be sure to copy and securely store these two values; you will need to enter them in the RootAuth console later.
-
Client ID: Used to identify your application; it is the application's public identifier.
-
Client Secret: Equivalent to a password. Do not disclose it. If accidentally lost, you can regenerate it in the credentials list at any time.
Step 7: Next Steps
Return to the RootAuth console. In Authentication Management → Providers → Google Configuration, fill in the Client ID and Client Secret obtained above, and ensure the redirect URI matches the one you entered in the Google Cloud Console.
Tip: If you haven't completed the configuration in RootAuth yet, you can leave it blank for now and edit the client later. However, it is recommended to have it ready in advance.
3. Configuring Google Login
3.1 Enabling Google Login
Find Google in the providers list and click the "Enable" button on the right. A configuration popup will appear. There is a toggle switch in the upper-left corner of the popup, which is off by default. Click to turn it "On"; the credential type options below will become selectable.
3.2 Selecting a Credential Type
The popup provides two credential types; you need to choose one:
-
Shared RootAuth Credentials
-
Description: Test Google OAuth without any setup.
-
Applicable Scenario: Development testing, quick validation.
-
Action: After selecting this card, simply click the "Save" button in the lower-right corner of the popup for it to take effect.
-
-
Custom Credentials
-
Description: Configure your own Google OAuth for production environments.
-
Applicable Scenario: Official launch; requires you to apply for Google OAuth credentials yourself.
-
Action: After selecting this card, a detailed configuration form will expand below. Complete the form before saving.
-
Custom Credentials Form Field Descriptions
| Field | Description | Required |
|---|---|---|
| Google Client ID | The Client ID you generated in the Google Cloud Console | Yes |
| Google Client Secret | The corresponding Client Secret; input is masked | Yes |
| Authorized Redirect URI | Automatically generated by the system. You need to copy this URI and fill it in as a callback address in the Google Cloud Console | Read-only |
| Authorization Scope | Fixed as email, profile, openid; no modification needed |
Read-only |
| Login Mode | Fixed as "Available for login/registration", meaning users can log in or register via Google | Checked by default, cannot be modified |
| Account Linking | If the email used for Google login matches an existing account email in the system, it is automatically linked; otherwise, a new account is created | Checked by default, cannot be modified |
Note: When filling in the Client ID and Secret, the system does not validate their format or validity. Actual verification occurs during the OAuth flow when a user logs in with Google for the first time.
3.3 Saving the Configuration
After making your selection or filling in the form, click the "Save" button in the lower-right corner of the popup. Upon successful saving, the popup closes, and the status for Google in the providers list changes to "Enabled". If you selected Custom Credentials, it will be tagged as "Custom Credentials", and the button on the right will change to "Manage".
4. Managing an Enabled Configuration
Click the "Manage" button next to Google to reopen the configuration popup.
The popup will fully load the configuration state you last saved (toggle state, selected credential type, and any custom information entered).
You can modify the configuration within the popup (e.g., switch credential types, update custom credential fields). After making changes, click "Save" for them to take effect.
To disable Google login, turn off the toggle switch at the top of the popup and click "Save". Once disabled, the Google button will no longer be displayed on the end-user login page.
Note: After disabling Google login, any previously entered custom credential information is retained, so you won't need to re-enter it if you enable it again later.
5. End-User Experience
Once the configuration takes effect, a Google login button will automatically appear on your application's login and registration pages. You can preview the effect via Application – Application Management – Try Registration/Login in the upper-right corner. When users click this button, they will be redirected to the Google authorization page; after consenting, they can quickly log in or register.
-
If the email used for Google login already exists in your application's user pool, the system will automatically link the accounts.
-
Otherwise, a new user account will be created automatically.
Note on Caching: Due to possible browser or CDN caching, it may take up to 2 minutes for configuration changes to be fully effective for all end-users. If a user clicks the old button and encounters a prompt, refreshing the page should load the latest configuration.
6. Viewing a User's Linked Google Account
In the User Management → User Details page of your application, within the "Authentication Methods" section, you can view information about the user's linked Google account:
-
Google icon and name
-
Linked Google email address
-
Time of the last login using Google
Currently, this information is for display purposes only; manual unlinking is not supported.
;}.cls-2{fill:%230868f7;}.cls-3{fill:url(%23未命名的渐变_44);}.cls-4{fill:%23333;}%3c/style%3e%3clinearGradient%20id='未命名的渐变_8'%20x1='33.73'%20y1='100.61'%20x2='-0.03'%20y2='-1.06'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20offset='0'%20stop-color='%237ae9fb'/%3e%3cstop%20offset='0.67'%20stop-color='%232b90f8'/%3e%3cstop%20offset='1'%20stop-color='%230868f7'/%3e%3c/linearGradient%3e%3clinearGradient%20id='未命名的渐变_44'%20x1='27.86'%20y1='18.67'%20x2='68.36'%20y2='22.22'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20offset='0'%20stop-color='%235ac7f2'/%3e%3cstop%20offset='1'%20stop-color='%230868f7'/%3e%3c/linearGradient%3e%3c/defs%3e%3cpath%20class='cls-1'%20d='M29,28.74V81.91l-9.51-3.68v0L8.52,74A7.17,7.17,0,0,1,4,67.32V24.54A3.76,3.76,0,0,1,9.08,21Z'/%3e%3cpath%20class='cls-2'%20d='M68.09,78.07a13.15,13.15,0,0,1-17.9,12.06L29,81.91h0V28.74L50.19,37A13.17,13.17,0,0,0,68.08,25.3h0Z'/%3e%3cpath%20class='cls-3'%20d='M68.08,25.3a13.19,13.19,0,0,1-6.73,10.87A13.09,13.09,0,0,1,50.19,37L29,28.74V6A3.76,3.76,0,0,1,34.1,2.52l25.59,9.91A13.22,13.22,0,0,1,68.08,25.3Z'/%3e%3cpath%20class='cls-4'%20d='M129.06,81.76a4.33,4.33,0,0,1-3.19-1.31,4.4,4.4,0,0,1-1.31-3.24V56.86H97.65V77.21a4.36,4.36,0,0,1-1.35,3.2A4.68,4.68,0,0,1,93,81.76a4.32,4.32,0,0,1-3.19-1.31,4.37,4.37,0,0,1-1.32-3.24V27.27A4.58,4.58,0,0,1,89.83,24a4.59,4.59,0,0,1,7.82,3.27V48.15h26.91V27.27A4.58,4.58,0,0,1,125.91,24a4.59,4.59,0,0,1,7.82,3.27V77.21a4.37,4.37,0,0,1-1.36,3.2A4.65,4.65,0,0,1,129.06,81.76Z'/%3e%3cpath%20class='cls-4'%20d='M163.77,81.66c-6.57,0-11.76-1.92-15.44-5.7s-5.54-9.07-5.54-15.74a26.76,26.76,0,0,1,2.09-10.43,17.72,17.72,0,0,1,6.67-8.06,19.15,19.15,0,0,1,10.68-2.95,19,19,0,0,1,10.46,2.8,18.7,18.7,0,0,1,6.55,7.36,22.53,22.53,0,0,1,2.36,10.28A4.51,4.51,0,0,1,177,63.77H152.23a10.8,10.8,0,0,0,3.49,6.65c2,1.68,4.88,2.52,8.66,2.52a22.25,22.25,0,0,0,7.54-1.21c.74-.3,1.55-.67,2.37-1.07a3.75,3.75,0,0,1,1.84-.4,4.09,4.09,0,0,1,3,1.15,4,4,0,0,1,1.12,3,4.38,4.38,0,0,1-2.58,3.82,32.34,32.34,0,0,1-6.36,2.61A28.67,28.67,0,0,1,163.77,81.66ZM172.4,55.9a9.72,9.72,0,0,0-1.63-4.56A9.9,9.9,0,0,0,167,48a10.38,10.38,0,0,0-4.64-1.14,12,12,0,0,0-4.77,1.06,9.54,9.54,0,0,0-4.89,5.66,11.78,11.78,0,0,0-.51,2.3Z'/%3e%3cpath%20class='cls-4'%20d='M193,81.64a4.49,4.49,0,0,1-4.51-4.55V27.28A4.58,4.58,0,0,1,189.84,24a4.48,4.48,0,0,1,3.28-1.36A4.36,4.36,0,0,1,196.35,24a4.46,4.46,0,0,1,1.31,3.31V77.09a4.34,4.34,0,0,1-1.35,3.2A4.67,4.67,0,0,1,193,81.64Z'/%3e%3cpath%20class='cls-4'%20d='M263.79,81.71a5.7,5.7,0,0,1-4.2-1.74,5.76,5.76,0,0,1-1.73-4.19V27.37a4.58,4.58,0,0,1,1.35-3.27A4.59,4.59,0,0,1,267,27.37V72.53h24a4.58,4.58,0,0,1,3.27,7.82A4.66,4.66,0,0,1,291,81.71Z'/%3e%3cpath%20class='cls-4'%20d='M424.48,81.74a4.71,4.71,0,0,1-2.71-.88,5.43,5.43,0,0,1-1-1l-.07-.09-12.41-17-5.41,5v9.44a4.31,4.31,0,0,1-1.36,3.19,4.66,4.66,0,0,1-3.3,1.36A4.29,4.29,0,0,1,395,80.42a4.36,4.36,0,0,1-1.32-3.23V27.37A4.58,4.58,0,0,1,395,24.1a4.52,4.52,0,0,1,6.58.12,4.54,4.54,0,0,1,1.24,3.15V56.31l17.72-16.38.05,0a4.8,4.8,0,0,1,2.94-1.11,4.4,4.4,0,0,1,3.27,1.2,4.57,4.57,0,0,1,1.2,3.27,4.44,4.44,0,0,1-.77,2.33,7.45,7.45,0,0,1-1.43,1.65l-11,9.64,13.34,17.68a5,5,0,0,1,1,2.71,4.12,4.12,0,0,1-1.36,3.24A4.64,4.64,0,0,1,424.48,81.74Z'/%3e%3cpath%20class='cls-4'%20d='M317.93,81.76a21.5,21.5,0,1,1,21.17-21.5A21.37,21.37,0,0,1,317.93,81.76Zm0-34.1a12.61,12.61,0,1,0,12.42,12.6A12.52,12.52,0,0,0,317.93,47.66Z'/%3e%3cpath%20class='cls-4'%20d='M212.18,101.22a4.12,4.12,0,0,1-3.05-1.26,4.17,4.17,0,0,1-1.26-3.1V43.34a4.37,4.37,0,0,1,1.3-3.14,4.26,4.26,0,0,1,3.13-1.3,4.19,4.19,0,0,1,3.1,1.26,4.32,4.32,0,0,1,1.26,3.16,20.77,20.77,0,0,1,13-4.54,21.51,21.51,0,0,1,0,43,20.51,20.51,0,0,1-13-4.57V96.86a4.15,4.15,0,0,1-1.3,3.06A4.5,4.5,0,0,1,212.18,101.22Zm17.43-53.63c-6.23,0-12.93,4.11-12.93,12.72a12.73,12.73,0,0,0,25.46,0A12.71,12.71,0,0,0,229.61,47.59Z'/%3e%3cpath%20class='cls-4'%20d='M365.76,81.76a21.5,21.5,0,1,1,21.18-21.5A21.37,21.37,0,0,1,365.76,81.76Zm0-34.1a12.61,12.61,0,1,0,12.42,12.6A12.52,12.52,0,0,0,365.76,47.66Z'/%3e%3c/svg%3e)