Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

Google Oauth2 - Consent Screen confusion

  • 0
  • Auth
View on Discord
Pingu
12 Aug, 2024, 00:07

Hey, so I've not done much traditional auth stuff (most of my web experience comes from Web3, where you login with a wallet etc, and in my day job auth is handled by someone else)

I've gone and setup oauth and it appears to be working as expected (using google). I had to go through steps with Google to setup the consent screen and add test users before I could get an app id and secret from them. However, when I GET /v1/account/sessions/oauth/google, the google redirect URL shows a consent screen for Appwrite, and not for anything I had setup. (see screenshot, there are interfaces you can see similar to that).

Is this because I haven't verified with Google yet (as I don't have a tos etc that I can give them currently) or will it always show Appwrite branding on the google oauth page? I also noticed that I can successfully authenticate with emails here that are not on my test users list for the same app.

I have another query relating to google oauth, but its a bit different so for the sake of each thread asking about 1 topic, I'll create a different one for that shortly.

TL;DR
Developers are discussing how to set up Google OAuth2 and resolve confusion around the consent screen displaying Appwrite branding instead of their setup. The developers suggest adding the domain as a web app in the Google Console, using a CNAME entry in DNS, and updating the redirect URI settings in Google. They also clarify that Google will show the custom domain instead of appwrite.io. Additionally, verification of the Terms of Service screen is only necessary for higher scopes accessing sensitive user information.
Joshi
12 Aug, 2024, 00:11

It will use the callback url that you provide to google. I think if you were to use a custom domain it would show that custom domain instead of appwrite.io

In general you do not need to verify the TOS screen in order to use oauth. Only in cases where you use higher scopes where you can access sensitive user information then google will access for verification.

Pingu
12 Aug, 2024, 00:21

When I set up the google side of things, I provided this URI (I am only testing things right now, and don't have a domain that I am using currently). The idea is that I replace this setting in Google with my own redirect URI? I would need to then handle stuff on that URI right?

(I was already passing a localhost domain as the success and fail url, if thats what you meant)

Joshi
12 Aug, 2024, 00:23

Yes this is the callback I meant. I do not use cloud so I'm not sure but in theory you can map a domain to cloud.appwrite.io and then use that link instead

Joshi
12 Aug, 2024, 00:24

Put a CNAME entry in your dns like cloud.appwrite.io => cloud.yourdomain.com

Joshi
12 Aug, 2024, 00:24

then use that domain instead cloud.yourdomain.com/v1/account/...

Joshi
12 Aug, 2024, 00:25

You have to add that domain in your console as web app tho

Pingu
12 Aug, 2024, 00:29

Yeah makes sense, cheers.

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more