Set up Google OAuth authentication with Clowk
Overview
Clowk handles the entire Google OAuth 2.0 flow. Your app redirects to Clowk, Clowk redirects to Google, and when the user authorizes, Clowk creates the user and returns a JWT.
Setup
1. Enable Google in Clowk
Go to your Clowk dashboard and enable the Google provider for your instance. Enter your Google OAuth credentials.
2. Create Google OAuth credentials
- Go to the Google Cloud Console
- Create an OAuth 2.0 Client ID (Web application)
- Add the authorized redirect URI:
https://clowk.in/oauth/google/callback - Copy the Client ID and Client Secret into your Clowk dashboard
3. Scopes
Clowk requests these scopes by default:
| Scope | Purpose |
|---|---|
openid | OpenID Connect identity |
email | User email address |
profile | User name and profile picture |
OAuth flow
1. Your app → Clowk:
GET https://yourapp.clowk.in/sign-in?redirect_uri=https://yourapp.com/auth/callback
2. Clowk → Google:
GET https://accounts.google.com/o/oauth2/v2/auth?
client_id=...&
scope=openid+email+profile&
state=...&
redirect_uri=https://clowk.in/oauth/google/callback
3. Google → Clowk:
GET https://clowk.in/oauth/google/callback?code=...&state=...
4. Clowk exchanges code for tokens, creates/finds user
5. Clowk → Your app:
GET https://yourapp.com/auth/callback?token=eyJ...JWT payload
{
"iss": "clowk",
"sub": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"email": "jane@example.com",
"name": "Jane Doe",
"avatar_url": "https://lh3.googleusercontent.com/a/...",
"provider": "google",
"instance_id": "inst_abc123",
"app_id": "app_xyz789",
"iat": 1711152000,
"exp": 1711155600
}Google users have email_verified_at set automatically since Google verifies email addresses during sign-in.