Back to Documentation

Setting Up Google OAuth Provider

This guide walks you through creating a Google Cloud OAuth 2.0 client and connecting it to AutoSmoke so your tests can run against authenticated pages.

Prerequisites

Step 1: Create a Google Cloud Project

  1. Go to Google Cloud Console
  2. Click the project selector dropdown at the top of the page
  3. Click New Project
  4. Enter a name (e.g. "AutoSmoke Testing") and click Create
  5. Select your new project from the project selector

Step 2: Enable the Required APIs

  1. Navigate to APIs & Services > Library
  2. Search for Google Identity and enable it
  3. If your tests interact with Google services (Gmail, Drive, etc.), enable those APIs too

Step 3: Configure the OAuth Consent Screen

  1. Go to APIs & Services > OAuth consent screen
  2. Select External user type (or Internal if using Google Workspace) and click Create
  3. Fill in the required fields:
    • App name: e.g. "AutoSmoke Testing"
    • User support email: your email address
    • Developer contact email: your email address
  4. Click Save and Continue
  5. On the Scopes page, click Add or Remove Scopes and add:
    • openid
    • email
    • profile
    • Any additional scopes your application requires
  6. Click Save and Continue
  7. On the Test users page, add the Google account email(s) you will use for testing
  8. Click Save and Continue, then Back to Dashboard

Note: While in "Testing" publishing status, only test users you explicitly add can authorize. Move to "Production" if you need any Google account to work (requires Google verification for sensitive scopes).

Step 4: Create OAuth 2.0 Credentials

  1. Go to APIs & Services > Credentials
  2. Click + Create Credentials > OAuth client ID
  3. Set Application type to Web application
  4. Give it a name (e.g. "AutoSmoke")
  5. Under Authorized redirect URIs, add:
https://app.autosmoke.dev/api/auth/google-oauth/callback

If you are running AutoSmoke locally for development, also add:

http://localhost:3000/api/auth/google-oauth/callback
  1. Click Create
  2. A dialog will show your Client ID and Client Secret — copy both values

Step 5: Configure AutoSmoke

  1. Open your project in AutoSmoke
  2. Go to Settings and click Configure Authentication
  3. Paste your Client ID and Client Secret into the corresponding fields
  4. Set Scopes to match the scopes you configured in Step 3 (defaults are openid,email,profile)

Step 6: Generate a Refresh Token

  1. In the Authentication Configuration dialog, click the Generate button next to the Refresh Token field
  2. A Google consent popup will appear — sign in with the test account you want to use
  3. Grant the requested permissions
  4. The refresh token will be filled in automatically

Tip: If you don't receive a refresh token, you may need to revoke previous access first. Go to myaccount.google.com/permissions, find the app, and click Remove Access. Then try generating again.

Step 7: Optional — Token Exchange URL

If your application has a backend endpoint that converts Google access tokens into session cookies, enter its URL in the Token Exchange URL field. AutoSmoke will call this endpoint during test setup to establish an authenticated session.

Leave this blank if you want AutoSmoke to inject the tokens as flow variables instead.

Step 8: Optional — Cookie Domain

If your application uses cookies scoped to a specific domain (e.g. .example.com), enter that domain in the Cookie Domain field. This ensures authentication cookies are sent correctly during tests.

Step 9: Test the Connection

  1. Click Save to store your configuration
  2. Re-open the Authentication Configuration dialog
  3. Click Test Connection to verify everything works
  4. You should see a green confirmation with the email of the authenticated account

Troubleshooting

"No refresh token returned"

Google only issues a refresh token on the first authorization. If you've previously authorized this app:

  1. Go to myaccount.google.com/permissions
  2. Find the app and click Remove Access
  3. Try generating the refresh token again

"redirect_uri_mismatch" error

The redirect URI in your Google Cloud credentials must exactly match:

https://app.autosmoke.dev/api/auth/google-oauth/callback

Check for trailing slashes, http vs https, and typos.

"Access blocked: app has not been verified"

If your consent screen is in "Testing" mode, make sure the Google account you're using is listed as a test user in the consent screen configuration (Step 3.7).

Token expires or stops working

Refresh tokens can be invalidated if:

  • The user revokes access
  • The OAuth client credentials are changed
  • The token has been unused for 6 months
  • Google's security policies detect suspicious activity

Re-generate the refresh token using the Generate button to fix this.