
Google OAuth (sign-in with Google)

Lets users register and sign in with their Google account via OAuth 2.0.

What you need

  • A Google account.
  • A Google Cloud project (or permission to create one). Free tier is fine.
  • The Formspring server's HTTPS URL (production) and http://localhost:80 or your local dev URL for testing.

Step 1 - Create a Google Cloud project

  1. Go to https://console.cloud.google.com/projectcreate.
  2. Project name: Formspring (or whatever).
  3. Create. Wait for the project to provision, then make sure it's selected (top bar).

Step 2 - Configure the OAuth consent screen

  1. APIs & Services → OAuth consent screen.
  2. User Type: External for general public sign-in. (Internal only works for Google Workspace orgs and restricts logins to your domain.)
  3. Create.
  4. Fill in:
    • App name: Formspring.
    • User support email: your email.
    • App logo (optional): your logo.
    • App domain: your production domain (e.g. https://formspring.io).
    • Authorised domains: add your root domain (e.g. formspring.io). All redirect URIs must live under this.
    • Developer contact information: your email.
  5. Save and Continue → Scopes → keep the default openid, auth/userinfo.email, auth/userinfo.profile. If teams will use Google Sheets on your deployment, also allow (or add at consent time) the scope https://www.googleapis.com/auth/spreadsheets so Google’s consent screen matches what Formspring requests during Connect Google account on a form.
  6. Save and Continue → Test users - add your own email so you can test before the app is verified.
  7. Save and Continue → Back to Dashboard.

Step 3 - Create OAuth client credentials

  1. APIs & Services → Credentials → + Create Credentials → OAuth client ID.
  2. Application type: Web application.
  3. Name: Formspring (web).
  4. Authorised JavaScript origins: not strictly required for server-side OAuth, but you can add https://formspring.io and http://localhost:80.
  5. Authorised redirect URIs: add all of these:

```text
https://formspring.io/oauth/google/callback
https://formspring.io/integrations/google-sheets/callback
http://localhost:80/oauth/google/callback
http://localhost:80/integrations/google-sheets/callback
http://pixel-forms.test/oauth/google/callback   # local dev host
http://pixel-forms.test/integrations/google-sheets/callback
```

  6. Create.
  7. The dialog shows your Client ID and Client Secret. Copy both.

Google Sheets (form integration)

Sign-in and the per-form Google Sheets integration share the same OAuth Web client (GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET) by default. Sheets uses a different redirect URI and requests the spreadsheets scope when a user clicks Connect Google account on a form (App\Http\Controllers\Integrations\GoogleSheetsOAuthController).

Self-host checklist:

  1. Enable the Google Sheets API for the same Cloud project (APIs & Services → Library).
  2. Add the Sheets callback URLs to Authorised redirect URIs (see Step 3 above - paths end with /integrations/google-sheets/callback).
  3. If your public app URL for that path differs from what Laravel generates, set GOOGLE_SHEETS_REDIRECT_URI in .env to the exact URL registered in Google Cloud (config/services.php → google.sheets_redirect).

Full operator and troubleshooting detail: Google Sheets integration.

Step 4 - Configure Formspring

In your .env:

```env
GOOGLE_CLIENT_ID=<the client id from step 3>
GOOGLE_CLIENT_SECRET=<the client secret>
GOOGLE_REDIRECT_URI=https://formspring.io/oauth/google/callback
```

For local dev (restart the dev server after .env edits):

```env
GOOGLE_CLIENT_ID=<same id>
GOOGLE_CLIENT_SECRET=<same secret>
GOOGLE_REDIRECT_URI=http://pixel-forms.test/oauth/google/callback
```

These are read by config/services.php → google block → consumed by App\Http\Controllers\Auth\SocialAuthController for login and by App\Http\Controllers\Integrations\GoogleSheetsOAuthController for Sheets (same client; different callback path unless GOOGLE_SHEETS_REDIRECT_URI overrides it).

Step 5 - Verify

  1. Restart the app.
  2. Visit /login → click Google.
  3. Approve consent.
  4. You should land on /dashboard (new account) or wherever your post-login route is.

Where the credential lives

  • Server config: .env → config/services.php google.client_id, google.client_secret, google.redirect.
  • User-side: users.google_id column (linked once the user signs in for the first time).
  • Controller: app/Http/Controllers/Auth/SocialAuthController.php (redirectToProvider, callback).
  • Routes: routes/web.php → oauth/google/{redirect,callback,register-intent}.

Step 6 - Publishing (going past 100 users)

While the app is in Testing state, only test users can sign in (max 100). To support the public:

  1. OAuth consent screen → Publish app.
  2. Google triggers a verification process for sensitive scopes - for plain email + profile it's instant.
  3. Once published, anyone with a Google account can sign in.

For apps requesting sensitive scopes (Drive, Gmail, etc.) you need a privacy policy URL and may need to upload a domain verification file. Sign-in only (email + profile) stays straightforward. If you enable Google Sheets for customers, the spreadsheets scope follows Google’s normal disclosure rules - plan for an accurate privacy policy and app home link on the consent screen.

Security

  • Treat the client secret as critical. Don't commit it.
  • Rotate at https://console.cloud.google.com/apis/credentials → your OAuth client → Rotate secret. Old secret expires in 24 hours, giving you a window to roll the env.
  • Restrict the redirect URI list to ONLY your production + dev hosts. Wildcards aren't allowed (and you wouldn't want them anyway - open redirects are a known OAuth attack vector).
  • Email verification: Formspring checks email_verified on the Google user response - unverified emails are rejected for existing accounts. New accounts created via Google are marked email-verified automatically.

Troubleshooting

| Symptom | Cause |
| --- | --- |
| redirect_uri_mismatch | The exact URL the app called back with isn't in the Authorised redirect URIs list. Add it (path must match exactly, including scheme and port). |
| Access blocked: Authorisation Error | Project still in Testing and the user isn't listed. Add as test user, or publish. |
| User signs in but lands on /login again | Check SocialAuthController::callback - email_verified is false on the Google user (rare). |
| oauth.redirect-not-found | Route names changed. The Login page calls the named route oauth.redirect for google; rebuild the route manifest after renames. |
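A pre-deploy check for the redirect_uri_mismatch case and the "restrict the redirect URI list" rule above: it compares the redirect URIs configured in .env against the list registered in Step 3 and names the component that differs. This is an added example, not Formspring's own code; the function names (parse_env, explain_mismatch, check_env) are hypothetical, and the exact-string comparison follows this page's statement that scheme, port and path must match exactly.

```python
from urllib.parse import urlsplit

# Authorised redirect URIs as registered in Step 3 of this page.
REGISTERED = {
    "https://formspring.io/oauth/google/callback",
    "https://formspring.io/integrations/google-sheets/callback",
    "http://localhost:80/oauth/google/callback",
    "http://localhost:80/integrations/google-sheets/callback",
    "http://pixel-forms.test/oauth/google/callback",
    "http://pixel-forms.test/integrations/google-sheets/callback",
}
REDIRECT_KEYS = ("GOOGLE_REDIRECT_URI", "GOOGLE_SHEETS_REDIRECT_URI")

def parse_env(text):
    """Minimal KEY=VALUE parser: skips blanks and comments, strips quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env

def explain_mismatch(uri, registered):
    """Narrow the registered list step by step to name what differs."""
    got = urlsplit(uri)
    cands = [r for r in map(urlsplit, registered) if r.path == got.path]
    if not cands:
        return "path differs from every registered URI"
    cands = [r for r in cands if r.hostname == got.hostname]
    if not cands:
        return "host is not registered for this path"
    cands = [r for r in cands if r.scheme == got.scheme]
    if not cands:
        return "scheme differs"
    if all(r.port != got.port for r in cands):
        return "port differs"  # explicit :80 and no port are different strings
    return "query, fragment or letter case differs"

def check_env(env_text, registered=REGISTERED):
    """Return {key: reason} for each configured redirect URI not registered."""
    env = parse_env(env_text)
    problems = {}
    for key in REDIRECT_KEYS:
        uri = env.get(key)
        if uri and uri not in registered:  # exact string match, no normalising
            problems[key] = explain_mismatch(uri, registered)
    return problems
```

An empty result means every configured callback is on the registered list; GOOGLE_SHEETS_REDIRECT_URI is only checked when it is set, since the default Sheets callback is generated by the app.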

Provider docs