This knowledge base article walks you through two common setups:
- Create Google OAuth 2.0 credentials for “Login with Google”.
- Configure SMTP credentials for your email client or application.
Part 1 — Google OAuth 2.0 Credentials (Login with Google)
What you’ll get: an OAuth 2.0 Client ID and Client Secret to enable Sign in with Google on your website or app.
A. Create a Google Cloud project & enable APIs
- Go to the Google Cloud Console and sign in with your Google account.
- Create a new Project (or select an existing one) and note the Project ID.
- Open APIs & Services → Enabled APIs & services and click + ENABLE APIS AND SERVICES.
- Enable Google Identity Services (or Google People API if your app needs profile details beyond basic scopes).
B. Configure the OAuth consent screen
- Navigate to APIs & Services → OAuth consent screen.
- Select External (for consumer use) or Internal (for Google Workspace within your organization).
- Fill in App name, Support email, and (optional but recommended) App logo.
- Add your Authorized domains (e.g.,
example.com). - Under Scopes, include at minimum:
openidemailprofile
- Save and continue. For External apps, you can keep the app in Testing mode while you verify.
C. Create OAuth 2.0 Client ID & Secret
- Go to APIs & Services → Credentials and click + CREATE CREDENTIALS → OAuth client ID.
- Choose Application type: Web application (for websites) or the type that matches your platform.
- Set a name, e.g., Web Client for Login.
- Under Authorized JavaScript origins, add your site origins, e.g.:
https://example.comhttp://localhost:3000(for local testing)
- Under Authorized redirect URIs, add the URL(s) your app uses to handle the OAuth callback, e.g.:
https://example.com/auth/google/callbackhttp://localhost:3000/auth/google/callback
Tip: The redirect URI must match exactly (scheme, domain, path, and port). - Click Create to obtain your Client ID and Client Secret.
D. Configure your application
- Set environment variables (recommended):
GOOGLE_CLIENT_ID=your_client_id_here GOOGLE_CLIENT_SECRET=your_client_secret_here GOOGLE_REDIRECT_URI=https://example.com/auth/google/callback - In your backend, implement the standard OAuth flow:
- Redirect users to Google’s authorization endpoint with scopes
openid email profile. - Handle the callback at your redirect URI and exchange the authorization code for tokens.
- Verify the ID token (JWT) signature and audience (
audmust match your Client ID). - Create or look up the user in your DB using the token’s
sub(Google user ID) and email.
- Redirect users to Google’s authorization endpoint with scopes
- For frontend-only implementations, use Google Identity Services (GIS) button and verify the token on your server.
E. Test, publish, and verify
- Test with
localhostorigins/redirect URIs added in the credentials. - If your app is External and will serve more than 100 test users or needs sensitive scopes, complete Google’s verification steps on the consent screen page.
- Switch from Testing to In production when ready.
Security: Never commit your Client Secret to source control. Store secrets in a secure vault or environment variables.
Common OAuth Issues & Fixes
- redirect_uri_mismatch: Ensure the callback URL exactly matches an Authorized redirect URI.
- invalid_scope: Use correct scopes (
openid email profile) and re-consent if you change them. - 403: access_denied: App not verified or user not in test users list (when in Testing mode).
Part 2 — SMTP Credentials for Email Client / App
What you’ll get: the SMTP server, port, username, password, and encryption settings to send emails from your app or email client.
A. Gather the required SMTP fields
| Field | What to Enter | Example |
|---|---|---|
| SMTP Server (Host) | Your provider’s SMTP hostname | smtp.gmail.com, smtp.office365.com, mail.example.com |
| Port | 587 (STARTTLS) or 465 (SSL) | 587 (recommended) or 465 |
| Encryption | STARTTLS or SSL/TLS | STARTTLS (for 587) / SSL/TLS (for 465) |
| Username | Your full email address | you@example.com |
| Password | Email password or App Password (preferred) | 16-character app password where supported |
| From / Sender | Verified sender address | no-reply@example.com |
B. Gmail / Google Workspace — options
- Personal Gmail (recommended): Use an App Password
- Enable 2-Step Verification on your Google Account.
- Create an App Password (type: Mail; device: Other or your app name).
- Use:
- SMTP server:
smtp.gmail.com - Port:
587(STARTTLS) or465(SSL) - Username: your full Gmail address
- Password: the generated app password
- SMTP server:
- Google Workspace (business): Three approaches
- Direct SMTP with user credentials (with App Password if allowed).
- SMTP Relay service via Admin Console:
- Set allowed senders (e.g., Only addresses in your domain) and optionally restrict by IP.
- Use relay host (provided in Admin Console), typically on port
587with TLS.
- OAuth2 for SMTP (advanced): Use XOAUTH2 tokens instead of passwords.
C. Configure your email client / app
- Open your app’s email settings and choose SMTP for outgoing mail.
- Enter the server, port, encryption, username, and password (or OAuth2 token) from above.
- Set the From / Sender address to a verified mailbox or domain.
- Send a test message and check logs for any authentication or TLS errors.
D. Recommended DNS & deliverability setup
- SPF: include your sending provider’s servers (e.g.,
v=spf1 include:_spf.google.com ~all). - DKIM: enable and publish the CNAME/TXT keys provided by your mail platform.
- DMARC: start with
p=nonefor monitoring, then move toquarantineorrejectas your alignment improves.
E. Sample SMTP config snippets
Node.js (Nodemailer)
const nodemailer = require('nodemailer');
const transporter = nodemailer.createTransport({
host: 'smtp.gmail.com',
port: 587,
secure: false, // true for 465
auth: {
user: 'you@example.com',
pass: 'app-password-here'
}
});
await transporter.sendMail({
from: 'no-reply@example.com',
to: 'user@example.com',
subject: 'Test',
text: 'Hello!'
});
PHP (PHPMailer)
$mail = new PHPMailer(true);
$mail->isSMTP();
$mail->Host = 'smtp.gmail.com';
$mail->SMTPAuth = true;
$mail->Username = 'you@example.com';
$mail->Password = 'app-password-here';
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; // or PHPMailer::ENCRYPTION_SMTPS for 465
$mail->Port = 587;
$mail->setFrom('no-reply@example.com', 'Your App');
$mail->addAddress('user@example.com');
$mail->Subject = 'Test';
$mail->Body = 'Hello!';
$mail->send();
Security: Use App Passwords or OAuth2 instead of your main account password. Store credentials in environment variables or a secrets manager.
Common SMTP Issues & Fixes:
- Authentication failed: Wrong password, 2-Step Verification required, or App Password missing.
- TLS/SSL errors: Use the correct port/encryption pair (587+STARTTLS or 465+SSL/TLS).
- Relay denied: Sender not authorized (check Workspace SMTP relay policies and SPF/DKIM/DMARC).
- Spam folder: Complete SPF/DKIM/DMARC, use a custom domain, and warm up sending.
Quick Reference
| Use Case | Key Steps |
|---|---|
| Login with Google | Create project → Consent screen → OAuth Client ID (Web) → Add origins & redirect URIs → Implement flow → Test & verify |
| SMTP Sending | Get host/port/encryption → Use App Password or OAuth2 → Configure client → Set SPF/DKIM/DMARC → Test |
Checklist
- ✅ OAuth consent screen configured and saved
- ✅ Authorized domains, origins, and redirect URIs added
- ✅ Client ID & Secret stored securely (not in source control)
- ✅ SMTP works with TLS and a valid App Password or OAuth2
- ✅ SPF/DKIM/DMARC DNS records published
- ✅ Test sign-in and test email both pass
