docs: Update Google Sign-In setup and configuration documentation#471
docs: Update Google Sign-In setup and configuration documentation#471
Conversation
…on setup, and match actual Serverpod 3.4.7 template
…nfiguration steps and added branding image
… and publishing process
Zfinix
force-pushed
the
chore/update-sign-in-with-google-docs
branch
from
597bcee to
3a54bce
Compare
…structure, including new sections for adding the identity provider and creating endpoints
…uration image for improved clarity
…etup documentation for improved clarity
…eference and adding troubleshooting steps for improved clarity
…ormation and clarifying client secret loading options
…ce of the web OAuth client entry in the `google-services.json` file
…from Google OAuth setup documentation to streamline content
…tion steps for improved clarity
…onfiguration steps and clarifying credential storage
| | `googleAccountDetailsValidation` | `Function?` | No | Custom validation callback for Google account details before allowing sign-in. Throws an exception to reject the account. | | ||
| | `getExtraGoogleInfoCallback` | `Function?` | No | Callback that receives the access token after sign-in, allowing you to call additional Google APIs and store extra user data. | | ||
| | `onAfterGoogleAccountCreated` | `Function?` | No | Callback invoked after a new Google account is created and linked to an auth user. Only called for new accounts, not returning users. | | ||
| | `onBeforeAuthUserCreated` | `Function?` | No | Callback invoked before the auth user is created. Use this to set scopes or other data based on provider account info. | |
There was a problem hiding this comment.
There are no good code examples above on how to use the onBeforeAuthUserCreated. Maybe we should add one?
There was a problem hiding this comment.
Hmmm i think this is why references exist in the code we can link the reference instead here, these hooks can change and we don't want to update the docs anytime they change
There was a problem hiding this comment.
Ok. Yeah, I guess what's unclear is what params the callback takes. Seems like Gemini knows how to use the hook.
There is also an 'onAfterAuthUserCreated'. Maybe we should add it? https://pub.dev/documentation/serverpod_auth_idp_server/latest/core/AuthUsersConfig/onAfterAuthUserCreated.html
There was a problem hiding this comment.
hmmm sadly it uses a type def and that doest get a reference
There was a problem hiding this comment.
Let's add two things:
- Add 'onAfterAuthUserCreated' to the list.
- Add one code example using one of the hooks.
…ustomizations.md Co-authored-by: Alexander Dahlberg <dustbin4ever@gmail.com>
There was a problem hiding this comment.
Pull request overview
Updates the Google identity provider documentation to be more actionable and platform-specific, adding a dedicated troubleshooting guide and additional screenshots to reduce common setup/configuration errors.
Changes:
- Expanded the Google setup guide with clearer Google Cloud/Auth Platform steps, platform-specific (iOS/Android/Web) requirements, and explicit migration commands.
- Added a new troubleshooting page with a setup checklist and common failure scenarios + fixes.
- Updated the customizations docs (including a
GoogleIdpConfigparameter reference) and added new screenshots used by the docs.
Reviewed changes
Copilot reviewed 4 out of 15 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| static/img/authentication/providers/google/6-people-api.png | New screenshot for enabling the People API step. |
| static/img/authentication/providers/google/3-button.png | New screenshot showing the rendered Google sign-in button UI. |
| docs/06-concepts/11-authentication/04-providers/03-google/04-troubleshooting.md | New troubleshooting guide covering common setup/runtime errors and fixes. |
| docs/06-concepts/11-authentication/04-providers/03-google/03-customizing-the-ui.md | Minor formatting update (spacing) to improve readability. |
| docs/06-concepts/11-authentication/04-providers/03-google/02-customizations.md | Expanded customizations guidance and added a GoogleIdpConfig parameter reference table. |
| docs/06-concepts/11-authentication/04-providers/03-google/01-setup.md | Major rewrite of setup instructions with screenshots, platform-specific steps, and production publishing guidance. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…branding steps for production setup
…ustomizations.md Co-authored-by: Alexander Dahlberg <dustbin4ever@gmail.com>
…tup steps and improve guidance for authorized domains and test users
| } | ||
| ``` | ||
|
|
||
| Alternatively, set the `SERVERPOD_PASSWORD_googleClientSecret` environment variable on your production server with the same JSON value. |
There was a problem hiding this comment.
Just missing a link to cloud docs on how to setup an env variable https://docs.serverpod.dev/next/concepts/configuration#2-via-environment-variables
There was a problem hiding this comment.
That link was to the framework. This is the cloud docs: https://docs.serverpod.dev/cloud/guides/passwords#passwords-vs-secrets-vs-variables
| If you run into issues, see the [troubleshooting guide](./troubleshooting). | ||
| ::: | ||
|
|
||
| ## Publishing to production |
There was a problem hiding this comment.
We are missing an important step for Android when going to production. Add a step between step 2 and 3:
3. Update the Android OAuth client with the release SHA-1 (Android only)
The Android OAuth client you created during setup uses your debug SHA-1 fingerprint. Release builds are signed with a different key, so you need to add the release SHA-1 as well.
If you use Google Play App Signing (the default for new apps), get the SHA-1 from the Play Console: Setup → App integrity → App signing key certificate. Make sure to use the app signing key SHA-1, not the upload key SHA-1.
If you manage your own release keystore, get the SHA-1 from it directly:
keytool -list -v -keystore your-release-key.jks -alias your-key-aliasOnce you have the SHA-1, go back to your Android OAuth client in the Google Auth Platform and add it under SHA-1 certificate fingerprint.
:::warning
Forgetting this step is one of the most common reasons Google Sign-In works in debug builds but silently fails after publishing to the Play Store.
:::
…etup.md Co-authored-by: Alexander Dahlberg <dustbin4ever@gmail.com>
Problem
The Sign in with Google docs lacked screenshots for the Google Cloud Console setup steps, had no clear separation between what iOS, Android, and Web each require, and didn't explain key gotchas (YAML indentation, SHA-1 debug vs release mismatch, missing People API). There was also no troubleshooting page and the migration steps were incomplete.
Solution
serverpod create-migration), Firebase disambiguation note, and warnings for common mistakes.GoogleIdpConfigparameter reference table withpasswords.yamlkey column and environment variable equivalents section. Improved link text for accessibility.redirect_uri_mismatch, missing People API, token expiration on Web, and more.