Skip to content

Google OAuth Integration

Atlas ERP supports Single Sign-On (SSO) via Google, allowing users to log in quickly without creating a new password. This is powered by Better Auth's social provider plugins.

Configuration Steps

1. Create Google Cloud Project

  1. Go to the Google Cloud Console.
  2. Create a new project or select an existing one.
  3. Navigate to APIs & Services > Credentials.
  1. Go to the OAuth consent screen tab.
  2. Choose External (unless you are restricting it to your specific Google Workspace organization).
  3. Fill in the App name, Support email, and Developer contact information.
  4. Add the necessary scopes: .../auth/userinfo.email and .../auth/userinfo.profile.

3. Create Credentials

  1. Go back to the Credentials tab.
  2. Click Create Credentials -> OAuth client ID.
  3. Application type: Web application.
  4. Name: e.g., "Atlas ERP Auth".
  5. Authorized JavaScript origins: Add your frontend URL (e.g., http://localhost:3000, https://app.yourdomain.com).
  6. Authorized redirect URIs: Add the Better Auth callback URL.
  7. Local: http://localhost:3000/auth/callback (or wherever your frontend handles the redirect before sending it to the API).
  8. Note: Better Auth usually handles the callback on the API side directly at /api/v1/auth/callback/google depending on your setup.

4. Set Environment Variables

Copy the Client ID and Client Secret generated by Google and add them to apps/api/.env:

Bash
1
2
3
GOOGLE_CLIENT_ID="your-client-id.apps.googleusercontent.com"
GOOGLE_CLIENT_SECRET="your-client-secret"
GOOGLE_REDIRECT_URI="http://localhost:3000/auth/callback"

Testing Locally

Ensure your GOOGLE_REDIRECT_URI matches exactly what you configured in the Google Cloud Console. When a user clicks "Sign in with Google" on the frontend, they will be redirected to Google, and upon success, redirected back to your app with a session token.