Google Services OAuth (Admin Setup)
This is the one-time setup for a shared Google OAuth app in MindRoom. After you finish these steps, users only click Login with Google in the frontend.
Who This Is For
Use this guide if you are running MindRoom for a team, organization, or hosted deployment.
If you are a single local user and want to bring your own Google OAuth app, see Google Services OAuth (Individual Setup).
What You Need Before Starting
- Your MindRoom URL (local example:
http://localhost:8765, production example:https://mindroom.example.com) - Access to Google Cloud Console
- Access to set MindRoom environment variables
The MindRoom callback path is always:
Your full callback URL is:
Step 1: Create a Google Cloud Project
- Open Google Cloud Console.
- Create a new project (or select an existing one).
- Save the project ID. You will use it as
GOOGLE_PROJECT_ID.
Step 2: Enable APIs
- In Google Cloud Console, go to APIs & Services → Library.
- Enable:
- Gmail API
- Google Calendar API
- Google Drive API
- Google Sheets API
Step 3: Configure OAuth Consent Screen
- Go to APIs & Services → OAuth consent screen.
- User type:
Externalfor public or mixed usersInternalfor Google Workspace-only- Fill required app info and save.
- Add test users if app is still in testing mode.
- Add scopes:
https://www.googleapis.com/auth/gmail.readonlyhttps://www.googleapis.com/auth/gmail.modifyhttps://www.googleapis.com/auth/gmail.composehttps://www.googleapis.com/auth/calendarhttps://www.googleapis.com/auth/spreadsheetshttps://www.googleapis.com/auth/drive.fileopenidhttps://www.googleapis.com/auth/userinfo.emailhttps://www.googleapis.com/auth/userinfo.profile
Step 4: Create OAuth Client ID
- Go to APIs & Services → Credentials.
- Click Create Credentials → OAuth client ID.
- Choose Web application.
- Under Authorized redirect URIs, add:
- Local:
http://localhost:8765/api/google/callback - Production:
https://<your-domain>/api/google/callback - Copy the generated client ID and client secret.
Step 5: Configure MindRoom Environment
Set these env vars in your MindRoom deployment (.env, Kubernetes secret, or hosting config):
GOOGLE_CLIENT_ID=your-app-client-id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-app-client-secret
GOOGLE_PROJECT_ID=your-project-id
GOOGLE_REDIRECT_URI=http://localhost:8765/api/google/callback
Notes:
- GOOGLE_REDIRECT_URI must match one of your Google Console redirect URIs exactly.
- If omitted, MindRoom defaults to http://localhost:8765/api/google/callback.
Restart MindRoom after setting env vars.
Step 6: Verify MindRoom Is Configured
Run:
Expected result includes:
- "has_credentials": true
If connected is false at this point, that is normal until a user authorizes.
Step 7: Verify Frontend User Flow
- Open Integrations → Google Services.
- If setup is correct, the card shows Ready to Connect.
- Users can now click Login with Google and authorize access.
End User Steps (After Admin Setup)
Each user does only this: 1. Open Integrations → Google Services. 2. Click Login with Google. 3. Approve scopes. 4. Confirm status shows Connected.
Production Notes
- Apps in testing mode are limited to test users.
- For broad public usage, complete Google OAuth verification (consent screen, policies, branding, etc.).
- Never commit
GOOGLE_CLIENT_SECRETto git.
Security Notes
- OAuth access/refresh tokens are stored in MindRoom credentials storage, typically:
mindroom_data/credentials/google_credentials.json- Restrict filesystem access to your MindRoom data directory.
- Revoke app access from Google account settings if needed.
Troubleshooting
"Google OAuth is not configured"
GOOGLE_CLIENT_ID or GOOGLE_CLIENT_SECRET is missing in the MindRoom environment.
"Redirect URI mismatch"
Ensure all three are identical:
- GOOGLE_REDIRECT_URI in the MindRoom environment
- Redirect URI in Google Console
- Actual MindRoom callback URL
Users cannot authorize while app is in testing mode
Add those users to OAuth consent screen test users.