Google Cloud Console Setup

This guide walks you through creating the Google OAuth credentials required for OneTap Login to work. The process takes about 5-10 minutes.

No Cost

Google Cloud Console is free to use for OAuth authentication. You don't need to add billing information or pay anything.

Overview

You'll need to:

  1. Create a Google Cloud project
  2. Configure the OAuth consent screen
  3. Create OAuth 2.0 credentials
  4. Add your domain as authorized origin
  5. Copy the Client ID to the plugin

Step 1: Access Google Cloud Console

  1. Go to Google Cloud Console
  2. Sign in with your Google account (any Google account works)

Step 2: Create a New Project

  1. Click the project dropdown at the top of the page
  2. Click New Project
  3. Enter a project name (e.g., "My WooCommerce Store")
  4. Click Create
  5. Wait for the project to be created (a few seconds)
  6. Make sure the new project is selected

Project Naming

Use a descriptive name like "YourStoreName OAuth" so you can identify it later.

Step 3: Configure OAuth Consent Screen

Before creating credentials, you must configure the OAuth consent screen.

  1. In the left sidebar, click APIs & Services
  2. Click OAuth consent screen

3.2: Select User Type

  1. Select External (unless you have Google Workspace and want internal only)
  2. Click Create

External vs Internal

  • External: Anyone with a Google account can use it (required for most websites)
  • Internal: Only users in your Google Workspace organization (business/enterprise only)

3.3: Fill in App Information

App name: Your store name (e.g., "My WooCommerce Store")

User support email: Your email address

App logo: Optional (can skip)

App domain:

  • Application home page: https://yourdomain.com
  • Application privacy policy: https://yourdomain.com/privacy
  • Application terms of service: https://yourdomain.com/terms

Domain Links

These URLs are shown on Google's consent screen. Use your actual privacy and terms pages.

Developer contact information: Your email address

Click Save and Continue

3.4: Scopes (Permissions)

  1. Click Add or Remove Scopes
  2. Select these scopes:
    • email - See your primary email address
    • profile - See your personal info
    • openid - Associate you with your personal info
  3. Click Update
  4. Click Save and Continue

3.5: Test Users (Optional)

For testing before verification:

  1. Click Add Users
  2. Add email addresses of test users
  3. Click Save and Continue

3.6: Summary

  1. Review your settings
  2. Click Back to Dashboard

Step 4: Create OAuth Credentials

Now create the actual credentials:

4.1: Access Credentials Page

  1. In the left sidebar, click Credentials
  2. Click Create Credentials at the top
  3. Select OAuth client ID

4.2: Configure OAuth Client

Application type: Select Web application

Name: Enter a name (e.g., "WooCommerce OneTap Login")

4.3: Add Authorized JavaScript Origins

This tells Google which domains can use these credentials.

Click Add URI under "Authorized JavaScript origins" and add:

https://yourdomain.com

Replace with Your Domain

Replace yourdomain.com with your actual domain. Include the full URL with https://.

If you have multiple domains (e.g., www and non-www), add both:

https://yourdomain.com
https://www.yourdomain.com

For local development (optional):

http://localhost
http://localhost:8080

4.4: Add Authorized Redirect URIs

Click Add URI under "Authorized redirect URIs" and add:

https://yourdomain.com/wp-json/onetap/v1/callback
https://yourdomain.com

Why Two URIs?

  • The /wp-json/onetap/v1/callback is for the OAuth callback
  • The plain domain is for One Tap popup authentication

4.5: Create the Credentials

  1. Click Create
  2. A popup appears with your credentials
  3. Copy the Client ID (you'll need this)
  4. The Client Secret is shown but not required for this plugin

Save Your Client ID

Copy your Client ID somewhere safe. It looks like:

123456789012-abcdefghijklmnopqrstuvwxyz123456.apps.googleusercontent.com

Step 5: Enable Required APIs

You may need to enable the Google Identity Toolkit API:

  1. Go to APIs & Services > Library
  2. Search for "Identity Toolkit API"
  3. Click on it and click Enable

Also enable:

  • People API (for profile information)

Step 6: Verify Your Setup

Before continuing to plugin configuration, verify:

  • Project created and selected
  • OAuth consent screen configured
  • OAuth credentials created (Web application type)
  • Your domain added to JavaScript origins
  • Callback URL added to redirect URIs
  • Client ID copied

Common Setup Issues

"Error 400: redirect_uri_mismatch"

Cause: The redirect URI in Google Cloud doesn't match your site URL.

Solution:

  1. Go to Credentials in Google Cloud Console
  2. Click on your OAuth client
  3. Verify the redirect URIs exactly match:
    • https://yourdomain.com/wp-json/onetap/v1/callback
    • https://yourdomain.com
  4. Check for typos, trailing slashes, www vs non-www
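
The exact-match check behind this error can be reproduced offline. The following is an added example, not code from the plugin or from Google: it compares the redirect URI a site actually sends against the registered list and names the component that differs. The function names, the reason labels and the scoring are assumptions of this example.

```javascript
// Added example. REGISTERED mirrors the two redirect URIs from step 4.4,
// using the page's placeholder domain (constructed sample data).
const REGISTERED = [
  "https://yourdomain.com/wp-json/onetap/v1/callback",
  "https://yourdomain.com",
];
// Host and path differences point at a different endpoint, so they weigh more
// than the near-miss typos (scheme, www, port, trailing slash, query).
const COST = { host: 3, path: 3 };
const stripWww = (host) => host.replace(/^www\./, "");
const trimSlash = (path) => path.replace(/\/+$/, "");

// List the components in which `sent` differs from one registered URI.
function diffUris(sent, registered) {
  const a = new URL(sent);
  const b = new URL(registered);
  const reasons = [];
  if (a.protocol !== b.protocol) reasons.push("scheme");
  if (a.hostname !== b.hostname) {
    reasons.push(stripWww(a.hostname) === stripWww(b.hostname) ? "www" : "host");
  }
  if (a.port !== b.port) reasons.push("port");
  if (trimSlash(a.pathname) !== trimSlash(b.pathname)) reasons.push("path");
  else if (sent.endsWith("/") !== registered.endsWith("/")) reasons.push("trailing-slash");
  if (a.search !== b.search) reasons.push("query");
  // URL parsing lower-cases the host; the raw strings can still differ.
  if (reasons.length === 0) reasons.push("case-or-encoding");
  return reasons;
}

// Exact string match passes; otherwise report the closest registered URI
// and what separates the request from it.
function diagnoseRedirect(sent, registered = REGISTERED) {
  if (registered.includes(sent)) return { match: true, closest: sent, reasons: [] };
  let best = null;
  for (const candidate of registered) {
    const reasons = diffUris(sent, candidate);
    const score = reasons.reduce((sum, r) => sum + (COST[r] || 1), 0);
    if (best === null || score < best.score) {
      best = { match: false, closest: candidate, reasons, score };
    }
  }
  return best;
}

console.log(diagnoseRedirect("https://www.yourdomain.com/wp-json/onetap/v1/callback/"));
```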

"Error 403: access_denied"

Cause: OAuth consent screen not properly configured.

Solution:

  1. Complete all required fields in OAuth consent screen
  2. Add test users if in "Testing" mode
  3. Make sure the requesting user is a test user

"Error: The OAuth client was not found"

Cause: Wrong Client ID or credentials deleted.

Solution:

  1. Verify you copied the complete Client ID
  2. Check if credentials still exist in Google Cloud Console
  3. Create new credentials if needed

"idpiframe_initialization_failed"

Cause: Domain not authorized or HTTPS issue.

Solution:

  1. Verify your domain is in "Authorized JavaScript origins"
  2. Ensure you're using HTTPS (not HTTP)
  3. Check for mixed content warnings

Publishing Your App

Testing Mode

By default, your app is in "Testing" mode:

  • Only test users you add can use it
  • Shows "Google hasn't verified this app" warning
  • Limited to 100 test users

Production Mode

To remove restrictions:

  1. Go to OAuth consent screen
  2. Click Publish App
  3. Confirm publishing

Verification Not Required

For basic authentication (email, profile), you don't need to go through Google's verification process. Just click "Publish App" and it will work for all users.

Security Best Practices

Protect Your Client ID

  • Don't share your Client ID publicly
  • Don't commit it to version control
  • Use environment variables in production

Restrict Your Credentials

In Google Cloud Console:

  1. Go to Credentials
  2. Click your OAuth client
  3. Under "Authorized JavaScript origins", only add domains you control
  4. Remove localhost origins for production sites
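
The origin list can also be reviewed in code before go-live. This is an added example, not part of the plugin: it flags localhost entries on a production client, non-HTTPS origins, and entries that are not a bare scheme-plus-host origin. The function name and the issue labels are this example's own.

```javascript
// Added example: audit "Authorized JavaScript origins" before going live.
// Issue names are this example's own labels, not Google error codes.
const LOOPBACK = new Set(["localhost", "127.0.0.1"]);

function auditOrigins(origins, { production = true } = {}) {
  const findings = [];
  for (const raw of origins) {
    const issues = [];
    let url = null;
    try {
      url = new URL(raw);
    } catch {
      issues.push("not-a-url");
    }
    if (url) {
      const loopback = LOOPBACK.has(url.hostname);
      // Step 4 of "Restrict Your Credentials": no localhost on production sites.
      if (loopback && production) issues.push("localhost-in-production");
      // Plain HTTP is only acceptable for local development.
      if (!loopback && url.protocol !== "https:") issues.push("not-https");
      // An origin is scheme + host + optional port: no path, slash or query.
      if (raw !== url.origin) issues.push("not-a-bare-origin");
    }
    if (issues.length > 0) findings.push({ origin: raw, issues });
  }
  return findings;
}

// Constructed sample: the page's production and local-development origins,
// plus two common mistakes.
const SAMPLE_ORIGINS = [
  "https://yourdomain.com",
  "https://www.yourdomain.com",
  "http://localhost",
  "http://localhost:8080",
  "http://yourdomain.com",
  "https://yourdomain.com/",
];

console.log(auditOrigins(SAMPLE_ORIGINS));
console.log(auditOrigins(SAMPLE_ORIGINS, { production: false }));
```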

Monitor Usage

  1. Go to APIs & Services > Dashboard
  2. Monitor API usage and errors
  3. Set up alerts for unusual activity

Next Steps

Now that you have your Google credentials:

  1. Configure the Plugin - Enter your Client ID
  2. Verify Everything Works - Test the connection

Quick Reference

  • Application type: Web application
  • Authorized JavaScript origin: https://yourdomain.com
  • Authorized redirect URI: https://yourdomain.com/wp-json/onetap/v1/callback
  • Required scopes: email, profile, openid