Google OAuth

Google sign-in via NextAuth v5 with provider configuration on the frontend and canonical backend user synchronization on the server.

Setup

  1. Go to console.cloud.google.com
  2. Create a new project (or use an existing one)
  3. Navigate to APIs & Services > Credentials
  4. Click Create Credentials > OAuth client ID
  5. Application type: Web application
  6. Add authorized redirect URI: http://localhost:3000/api/auth/callback/google (development) and https://yourdomain.com/api/auth/callback/google (production)
  7. Copy the Client ID and Client Secret

Environment variables

.env.local
AUTH_GOOGLE_ID=your-client-id.apps.googleusercontent.com
AUTH_GOOGLE_SECRET=your-client-secret

Callback URL

The callback URL your app uses must exactly match an authorized redirect URI registered in Google Cloud Console, including scheme, host, port, and path:

# Development
http://localhost:3000/api/auth/callback/google

# Production
https://yourdomain.com/api/auth/callback/google

Backend user sync

Google sign-in does more than redirect through NextAuth. On successful OAuth login, the auth callbacks create or update a canonical backend user record and then reload the stored values back into the JWT and session.
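The sync described above, sketched as an added example (not the project's own code): the function, type, and field names are hypothetical, and an in-memory Map stands in for the backend user table. It assumes records are keyed by the normalized Google email, that only verified emails are accepted, and that roles come from the stored record rather than the provider profile.

```typescript
// Added example. All names here are hypothetical, not the project's own code.
type GoogleProfile = { sub: string; email?: string; email_verified?: boolean; name?: string };
type BackendUser = { id: string; email: string; name: string; googleSub: string; role: string };
type Token = { userId?: string; email?: string; name?: string; role?: string };

// In-memory stand-in for the backend user table, keyed by normalized email.
const users = new Map<string, BackendUser>();

// What a signIn callback would delegate to: returns null to deny the login.
function syncGoogleUser(profile: GoogleProfile): BackendUser | null {
  // Only trust an email that Google reports as verified.
  if (!profile.email || profile.email_verified !== true) return null;
  const email = profile.email.trim().toLowerCase();
  const existing = users.get(email);
  if (existing) {
    // Assumption: a record stays bound to the Google subject that created it.
    if (existing.googleSub !== profile.sub) return null;
    existing.name = profile.name ?? existing.name; // update mutable fields only
    return existing;
  }
  const created: BackendUser = {
    id: `u_${users.size + 1}`,
    email,
    name: profile.name ?? "",
    googleSub: profile.sub,
    role: "user", // assigned by the backend, never taken from the profile
  };
  users.set(email, created);
  return created;
}

// What a jwt callback would delegate to: copy stored values into the token.
function loadIntoToken(token: Token, user: BackendUser): Token {
  return { ...token, userId: user.id, email: user.email, name: user.name, role: user.role };
}

// Constructed sample profile (not real data).
const sample: GoogleProfile = { sub: "1001", email: "Dev@Example.com", email_verified: true, name: "Dev" };
const sampleUser = syncGoogleUser(sample);
const sampleToken = sampleUser ? loadIntoToken({}, sampleUser) : null;
```
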

Smoke test

  1. Open /login or /register.
  2. Click the Google button and complete consent.
  3. Confirm redirect to /dashboard.
  4. Confirm logout returns you to /login.
  5. Verify the backend user record exists or updates correctly for the Google email.

Removing Google OAuth

If you don't need Google sign-in, remove it from providers in lib/auth.ts:

lib/auth.ts
providers: [
  Credentials({ ... }),
  // Remove or comment out the Google provider:
  // Google({
  //   clientId: process.env.AUTH_GOOGLE_ID,
  //   clientSecret: process.env.AUTH_GOOGLE_SECRET,
  // }),
]

You can also remove AUTH_GOOGLE_ID and AUTH_GOOGLE_SECRET from .env.local if unused.