Command Palette

Search for a command to run...

Documentation

Setting Up Google OAuth Authentication

How to configure your Google OAuth credentials in AutoSmoke so your tests can run against authenticated pages.

This guide walks you through configuring Google OAuth in AutoSmoke using your existing Google OAuth 2.0 client credentials. By the end, your smoke tests will be able to sign in automatically before running.

Prerequisites#

  • A Google OAuth 2.0 client with a Client ID and Client Secret (created in Google Cloud Console under APIs & Services > Credentials)
  • An AutoSmoke project with a site configured

Step 1: Add the AutoSmoke Redirect URI to Your Google Client#

Before configuring AutoSmoke, your Google OAuth client must allow AutoSmoke's callback URL.

  1. Open Google Cloud Console and navigate to APIs & Services > Credentials
  2. Click on your OAuth 2.0 client to edit it
  3. Under Authorized redirect URIs, add:
https://autosmoke.dev/api/auth/google-oauth/callback
  1. Click Save

Your consent screen configuration determines which accounts can authorize and what permissions are requested.

  1. In Google Cloud Console, go to APIs & Services > OAuth consent screen
  2. Verify the following:
    • Scopes include at least openid, email, and profile — these are required for AutoSmoke to identify the authenticated user
    • If your consent screen is in Testing publishing status, the Google account you plan to test with must be listed under Test users. Only explicitly added test users can complete the OAuth flow while in testing mode.

Tip: If you need any Google account to authenticate (not just test users), set your consent screen to Production publishing status. This may require Google verification if you use sensitive scopes.

Step 3: Open the Authentication Configuration in AutoSmoke#

  1. Log in to AutoSmoke and open your project
  2. Navigate to the Dashboard for the site you want to configure
  3. Find the Authentication section — it shows the current configuration status with a shield icon
  4. Click Configure Authentication (or Edit if authentication is already set up)

This opens the Authentication Configuration dialog.

Step 4: Enter Your Credentials#

In the dialog, fill in the following fields:

Client ID (required)#

Paste your Google OAuth Client ID. It looks like:

123456789-abcdefg.apps.googleusercontent.com

Client Secret (required)#

Paste your Google OAuth Client Secret. It looks like:

GOCSPX-aBcDeFgHiJkLmNoPqRsTuVwXyZ

Scopes (optional)#

Comma-separated list of OAuth scopes. Defaults to:

openid,email,profile

Add additional scopes if your application requires them (e.g. https://www.googleapis.com/auth/gmail.readonly for Gmail access).

Step 5: Generate a Refresh Token#

The refresh token allows AutoSmoke to obtain fresh access tokens for each test run without requiring manual sign-in.

  1. Click the Generate button next to the Refresh Token field
  2. A Google sign-in popup will appear
  3. Sign in with the Google account you want your tests to authenticate as
  4. Review and grant the requested permissions
  5. The popup will close and the Refresh Token field will be filled in automatically

Important: If no refresh token is returned, Google may have already issued one for this app previously. To fix this:

  1. Go to myaccount.google.com/permissions
  2. Find your app and click Remove Access
  3. Click Generate again in AutoSmoke

Step 6: Configure Optional Settings#

Token Exchange URL#

If your application has a backend endpoint that converts Google access tokens into session cookies or JWT tokens, enter its full URL here. During test setup, AutoSmoke will call this endpoint with the access token to establish an authenticated session in the browser.

Leave this blank if you want AutoSmoke to inject the tokens as flow variables instead.

If your application uses cookies scoped to a specific domain (e.g. .example.com), enter that domain here. This ensures authentication cookies are set on the correct domain during tests.

Leave this blank if you're unsure — the default behavior works for most setups.

Step 7: Save and Test#

  1. Click Save to store your configuration — all credentials are encrypted before storage
  2. Re-open the Authentication Configuration dialog
  3. Click Test Connection
  4. A successful test shows a green confirmation with the email address of the authenticated Google account

If the test fails, see the troubleshooting section below.

Troubleshooting#

"No refresh token returned"#

Google only issues a refresh token on the first authorization. If you've previously authorized this app:

  1. Go to myaccount.google.com/permissions
  2. Find the app and click Remove Access
  3. Try generating the refresh token again in AutoSmoke

"redirect_uri_mismatch" error#

The redirect URI in your Google Cloud credentials must exactly match:

https://autosmoke.dev/api/auth/google-oauth/callback

Check for trailing slashes, http vs https, and typos.

"Access blocked: app has not been verified"#

Your consent screen is in Testing mode and the Google account you're using is not listed as a test user. Add it under APIs & Services > OAuth consent screen > Test users in Google Cloud Console.

Token expires or stops working#

Refresh tokens can be invalidated if:

  • The user revokes access at myaccount.google.com/permissions
  • The OAuth client ID or secret is changed or deleted
  • The token has been unused for 6 months
  • Google's security policies detect suspicious activity

Re-generate the refresh token using the Generate button to fix this.

Test Connection shows wrong email#

The test displays the email of the Google account that authorized the refresh token. If it shows an unexpected account, click Generate again and sign in with the correct account.

Previous

Handling Authentication

Next

CI/CD Integration