Skip to main content

Introduction

Adding Sign in with Google lets your users register and log in with the account they already use every day. You’ll create an OAuth 2.0 client in the Google Cloud Console, then paste its credentials into your admin Auth Settings page. Credentials are stored securely in the database and applied automatically — there are no .env edits or code changes.
Google must return an email address. If the account doesn’t share an email, the sign-in is rejected. The basic profile scopes below cover this.

Before you start

  • Admin access to your MagicAds platform.
  • A Google account with access to the Google Cloud Console.
  • Your site’s public URL (HTTPS strongly recommended).

Step 1 — Note your Callback URL

The callback URL is where Google sends users back after they approve sign-in. It always follows this pattern:
https://YOUR_DOMAIN/auth/google/callback
For example: https://app.example.com/auth/google/callback
If your site uses a language prefix in its URLs (localization), the callback may include a locale segment such as https://app.example.com/en/auth/google/callback. Whatever you enter in the Callback URL field in Auth Settings must match the value registered in Google Cloud character-for-character.
Keep this URL handy — you’ll need it in the next steps.

Step 2 — Create your Google OAuth credentials

Google has reorganized this area into the Google Auth Platform. Depending on your project, the APIs & Services → OAuth consent screen menu item may now open (or redirect to) the Google Auth Platform, where the old consent-screen settings are split across Branding, Audience, Clients and Data Access tabs. The steps below follow this current layout. You can also open it directly at console.cloud.google.com/auth/overview.
1

Open the Google Cloud Console

Go to console.cloud.google.com and sign in.
2

Create or select a project

Use the project picker in the top bar to create a new project (e.g. “MagicAds Login”) or select an existing one.
3

Set up the Google Auth Platform

In the left menu open Google Auth Platform (or APIs & Services → OAuth consent screen). If this is a new project, click Get started and complete the short wizard:
  • App Information — enter an App name and a User support email.
  • Audience — choose External so any Google user can sign in.
  • Contact Information — add a developer email address.
  • Agree to the policy and click Create.
4

Add your scopes (Data Access)

Open the Data Access tab and click Add or remove scopes. Add the basic profile scopes — userinfo.email, userinfo.profile, and openid — then Update and Save. These let the app read the user’s email and name.Optionally, on the Branding tab you can add your domain under Authorized domains (e.g. example.com) and set your logo and links.
5

Create the OAuth client (Clients)

Open the Clients tab and click Create client (in the classic layout this is APIs & Services → Credentials → Create Credentials → OAuth client ID).
  • Application type: Web application.
  • Name: anything recognizable (e.g. “MagicAds Web”).
  • Under Authorized JavaScript origins, add your site origin: https://YOUR_DOMAIN.
  • Under Authorized redirect URIs, add your callback URL from Step 1: https://YOUR_DOMAIN/auth/google/callback.
  • Click Create.
6

Publish the app

Open the Audience tab. While the publishing status is Testing, only the test users you list can sign in — click Publish app to make Google login available to everyone.
7

Copy the credentials

Back on the Clients tab, open your client and copy the Client ID and Client Secret. You’ll paste them into MagicAds next.

Step 3 — Configure MagicAds

1

Open Auth Settings

In your platform, go to Admin → Backend Settings → Auth Settings.
2

Enable the master switch

Turn on Social Media Login. This is the master switch for all social providers, and it saves immediately.
3

Enable Google and enter credentials

Turn on the Google toggle, then fill in:
  • API Key → paste your Google Client ID.
  • API Secret → paste your Google Client Secret.
  • Callback URL → enter https://YOUR_DOMAIN/auth/google/callback (must match the redirect URI in Google Cloud exactly).
4

Save

Click Save. Google only appears as a login option once it’s enabled and both the API Key and API Secret are filled in.

Field mapping reference

MagicAds fieldGoogle Cloud value
API KeyClient ID
API SecretClient Secret
Callback URLAuthorized redirect URI (/auth/google/callback)

Step 4 — Test it

  1. Open your site’s login page in a private/incognito window.
  2. Click Sign in with Google.
  3. Approve the Google consent screen.
  4. You should be redirected back and logged into your dashboard.
That’s it — your users can now register and log in with Google.

Troubleshooting

SymptomLikely causeFix
redirect_uri_mismatch error from GoogleThe redirect URI doesn’t matchMake the Authorized redirect URI in Google Cloud exactly equal the Callback URL in Auth Settings (including https, domain, and any locale prefix).
Google button doesn’t appearMaster switch off, Google toggle off, or credentials blankEnable Social Media Login and Google, and fill both API Key and API Secret.
”Access blocked: app not verified” / only test users can log inPublishing status still in TestingAdd test users under Audience, or click Publish app on the Audience tab.
”Your social account did not share an email address”Email scope missingEnsure the userinfo.email scope is added under Data Access.
”Registration is currently closed” after Google approvalNew-user creation blockedEnable public registration in your platform settings, or pre-create the account.
Login works but no avatar/nameProfile scope missingEnsure the userinfo.profile scope is added under Data Access.
Credentials are stored securely and applied at runtime. There’s no need to edit .env or run any commands after saving.