Introduction
Adding Sign in with Google lets your users register and log in with the account they already use every day. You’ll create an OAuth 2.0 client in the Google Cloud Console, then paste its credentials into your admin Auth Settings page. Credentials are stored securely in the database and applied automatically — there are no.env edits or code changes.
Google must return an email address. If the account doesn’t share an email, the sign-in is rejected. The basic profile scopes below cover this.
Before you start
- Admin access to your MagicAds platform.
- A Google account with access to the Google Cloud Console.
- Your site’s public URL (HTTPS strongly recommended).
Step 1 — Note your Callback URL
The callback URL is where Google sends users back after they approve sign-in. It always follows this pattern:https://app.example.com/auth/google/callback
If your site uses a language prefix in its URLs (localization), the callback may include a locale segment such as
https://app.example.com/en/auth/google/callback. Whatever you enter in the Callback URL field in Auth Settings must match the value registered in Google Cloud character-for-character.Step 2 — Create your Google OAuth credentials
Google has reorganized this area into the Google Auth Platform. Depending on your project, the APIs & Services → OAuth consent screen menu item may now open (or redirect to) the Google Auth Platform, where the old consent-screen settings are split across Branding, Audience, Clients and Data Access tabs. The steps below follow this current layout. You can also open it directly at console.cloud.google.com/auth/overview.
Open the Google Cloud Console
Go to console.cloud.google.com and sign in.
Create or select a project
Use the project picker in the top bar to create a new project (e.g. “MagicAds Login”) or select an existing one.
Set up the Google Auth Platform
In the left menu open Google Auth Platform (or APIs & Services → OAuth consent screen). If this is a new project, click Get started and complete the short wizard:
- App Information — enter an App name and a User support email.
- Audience — choose External so any Google user can sign in.
- Contact Information — add a developer email address.
- Agree to the policy and click Create.
Add your scopes (Data Access)
Open the Data Access tab and click Add or remove scopes. Add the basic profile scopes —
userinfo.email, userinfo.profile, and openid — then Update and Save. These let the app read the user’s email and name.Optionally, on the Branding tab you can add your domain under Authorized domains (e.g. example.com) and set your logo and links.Create the OAuth client (Clients)
Open the Clients tab and click Create client (in the classic layout this is APIs & Services → Credentials → Create Credentials → OAuth client ID).
- Application type: Web application.
- Name: anything recognizable (e.g. “MagicAds Web”).
- Under Authorized JavaScript origins, add your site origin:
https://YOUR_DOMAIN. - Under Authorized redirect URIs, add your callback URL from Step 1:
https://YOUR_DOMAIN/auth/google/callback. - Click Create.
Publish the app
Open the Audience tab. While the publishing status is Testing, only the test users you list can sign in — click Publish app to make Google login available to everyone.
Step 3 — Configure MagicAds
Enable the master switch
Turn on Social Media Login. This is the master switch for all social providers, and it saves immediately.
Enable Google and enter credentials
Turn on the Google toggle, then fill in:
- API Key → paste your Google Client ID.
- API Secret → paste your Google Client Secret.
- Callback URL → enter
https://YOUR_DOMAIN/auth/google/callback(must match the redirect URI in Google Cloud exactly).
Field mapping reference
| MagicAds field | Google Cloud value |
|---|---|
| API Key | Client ID |
| API Secret | Client Secret |
| Callback URL | Authorized redirect URI (/auth/google/callback) |
Step 4 — Test it
- Open your site’s login page in a private/incognito window.
- Click Sign in with Google.
- Approve the Google consent screen.
- You should be redirected back and logged into your dashboard.
That’s it — your users can now register and log in with Google.
Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
redirect_uri_mismatch error from Google | The redirect URI doesn’t match | Make the Authorized redirect URI in Google Cloud exactly equal the Callback URL in Auth Settings (including https, domain, and any locale prefix). |
| Google button doesn’t appear | Master switch off, Google toggle off, or credentials blank | Enable Social Media Login and Google, and fill both API Key and API Secret. |
| ”Access blocked: app not verified” / only test users can log in | Publishing status still in Testing | Add test users under Audience, or click Publish app on the Audience tab. |
| ”Your social account did not share an email address” | Email scope missing | Ensure the userinfo.email scope is added under Data Access. |
| ”Registration is currently closed” after Google approval | New-user creation blocked | Enable public registration in your platform settings, or pre-create the account. |
| Login works but no avatar/name | Profile scope missing | Ensure the userinfo.profile scope is added under Data Access. |
Credentials are stored securely and applied at runtime. There’s no need to edit
.env or run any commands after saving.
