How to Create Google OAuth Credentials for WordPress & WooCommerce (2026 Guide)

Complete walkthrough for creating Google Cloud OAuth 2.0 credentials for your WordPress or WooCommerce site. Includes updated 2026 Google Cloud Console interface, troubleshooting common errors, and security best practices.

December 10, 2025 | 10 min read | By Kevin Maqueda

To enable Google login on your WordPress or WooCommerce site, you need OAuth 2.0 credentials from Google Cloud Console. This guide walks you through the entire process with the current (2026) Google Cloud interface.

Total time: 10-15 minutes for first-time setup.

What You'll Create

By the end of this guide, you'll have:

  1. A Google Cloud Project — A container for your credentials
  2. OAuth Consent Screen — What users see when authenticating
  3. OAuth 2.0 Client ID — The credential your WordPress plugin uses

Let's start.

Prerequisites

Before beginning, ensure you have:

  • A Google account (any Google/Gmail account works)
  • Your WordPress site URL (must use HTTPS)
  • Admin access to your WordPress dashboard

Important: Google One Tap and Google Sign-In require HTTPS. If your site still uses HTTP, you'll need to install an SSL certificate first.

Step 1: Access Google Cloud Console

  1. Go to console.cloud.google.com
  2. Sign in with your Google account
  3. Accept the Terms of Service if prompted

You'll see the Google Cloud Console dashboard. If this is your first time, it may show a welcome modal—you can close it.

Step 2: Create a New Project

Every set of credentials lives within a "project." Create one for your website:

  1. Click the project dropdown in the top navigation bar (it may say "Select a project" or show an existing project name)
  2. Click New Project in the popup
  3. Configure your project:
    • Project name: Something identifiable, like "My Store - WooCommerce" or your domain name
    • Organization: Leave as "No organization" unless you have Google Workspace
    • Location: Leave as default
  4. Click Create
  5. Wait 10-30 seconds for the project to create
  6. Click Select Project in the notification, or select it from the project dropdown

Tip: The project name is only visible to you in Google Cloud Console. Users never see it.

Step 3: Configure the OAuth Consent Screen

Before creating credentials, you must configure the consent screen—what users see when they authenticate.

3.1 Navigate to OAuth Consent Screen

  1. In the left sidebar, go to APIs & Services
  2. Click OAuth consent screen

3.2 Select User Type

You'll see two options:

User Type | Description | When to Use
Internal | Only users within your Google Workspace organization | Company intranets with Google Workspace
External | Any user with a Google account | Public websites (this is what you want)

Select External and click Create.

3.3 Fill in App Information

Complete the form with these fields:

App Information

Field | What to Enter | Example
App name | Your website/store name | "Mountain Gear Shop"
User support email | Your email address | you@yourdomain.com
App logo (optional) | Your site logo | Skip for now

App Domain

Field | What to Enter | Example
Application home page | Your site URL | https://mountaingear.com
Application privacy policy link | Your privacy policy URL | https://mountaingear.com/privacy
Application terms of service link | Your terms URL | https://mountaingear.com/terms

Authorized domains

Click + Add Domain and enter your domain without https:// or paths:

  • mountaingear.com
  • If you also use www, add both: www.mountaingear.com

Developer contact information

Field | What to Enter
Email addresses | Your email (can be same as support email)

Click Save and Continue.

3.4 Scopes (Skip)

The scopes section defines what data your app can access. For basic Google login, you don't need to add any scopes here—the default profile information is sufficient.

Click Save and Continue without adding scopes.

3.5 Test Users (Skip for Now)

While your consent screen is in "Testing" mode, only test users can authenticate. We'll handle this later.

Click Save and Continue.

3.6 Summary

Review your settings and click Back to Dashboard.

Step 4: Create OAuth 2.0 Credentials

Now create the actual Client ID your WordPress plugin will use.

4.1 Navigate to Credentials

  1. In the left sidebar (under APIs & Services), click Credentials
  2. Click + Create Credentials at the top
  3. Select OAuth client ID

4.2 Configure the Client ID

Application type: Select Web application

Name: Enter something descriptive like:

  • "WooCommerce One Tap Login"
  • "WordPress Google Login"
  • "Production Site Login"

Authorized JavaScript origins:

This is critical for Google One Tap. Add your domain(s):

Click + Add URI and enter:

https://yourdomain.com

If you also use www:

https://www.yourdomain.com

Do NOT include:

  • Trailing slashes (wrong: https://yourdomain.com/)
  • Paths (wrong: https://yourdomain.com/checkout)
  • HTTP (wrong: http://yourdomain.com)
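
The origin rules above can be checked before you paste a value into the console. The following is an added example, not code from Google or from any plugin; checkOrigin and originAllowed are hypothetical helper names, and the sample entries use this guide's placeholder domain. It also shows why a www host is a different origin from the bare domain.

```javascript
// Added example. checkOrigin and originAllowed are hypothetical helper names,
// not part of any Google or plugin API.

// Lint one "Authorized JavaScript origins" entry against the rules listed above.
function checkOrigin(entry) {
  let u;
  try {
    u = new URL(entry);
  } catch {
    return ["not an absolute URL (the scheme is required here)"];
  }
  const problems = [];
  if (u.protocol !== "https:") problems.push("scheme must be https");
  if (u.search || u.hash) problems.push("must not contain a query or fragment");
  if (u.pathname !== "/") problems.push("must not contain a path");
  else if (entry.endsWith("/")) problems.push("must not end with a trailing slash");
  return problems;
}

// Compare the origin the browser computes for a page with the authorized list.
// The match is exact, so www and non-www hosts are different origins.
function originAllowed(pageUrl, authorized) {
  const { origin, hostname } = new URL(pageUrl);
  if (authorized.includes(origin)) return { origin, allowed: true, hint: null };
  const alt = hostname.startsWith("www.") ? hostname.slice(4) : "www." + hostname;
  const hint = authorized.includes("https://" + alt)
    ? `only https://${alt} is authorized; add ${origin} too`
    : `add ${origin} to Authorized JavaScript origins`;
  return { origin, allowed: false, hint };
}

// Constructed sample entries using the guide's placeholder domain.
const SAMPLE_ENTRIES = [
  "https://yourdomain.com",
  "https://yourdomain.com/",
  "https://yourdomain.com/checkout",
  "http://yourdomain.com",
];
for (const e of SAMPLE_ENTRIES) {
  const p = checkOrigin(e);
  console.log(e, "->", p.length ? p.join("; ") : "ok");
}
console.log(originAllowed("https://www.yourdomain.com/checkout/", ["https://yourdomain.com"]));
```
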

Authorized redirect URIs:

For Google One Tap: Leave this empty. One Tap doesn't use redirect URIs.

For traditional OAuth button: Add your callback URL if your plugin requires it. Check your plugin's documentation. For OneTap Login for WooCommerce, this is not needed.

Click Create.

4.3 Save Your Credentials

A popup displays your credentials:

  • Client ID: 123456789-abcdefghij.apps.googleusercontent.com
  • Client Secret: GOCSPX-abc123xyz...

For Google One Tap: You only need the Client ID. Copy it.

For traditional OAuth: You need both Client ID and Client Secret.

Click OK to close.

You can always retrieve these later from the Credentials page.

Step 5: Configure Your WordPress Plugin

Now add the Client ID to your WordPress site.

For OneTap Login for WooCommerce:

  1. In WordPress admin, go to WooCommerce → OneTap Login
  2. Paste your Client ID in the "Google Client ID" field
  3. Configure where to show One Tap (checkout, cart, my account)
  4. Click Save Changes

For Other Plugins:

Consult your plugin's documentation. Most require:

  • Client ID
  • Client Secret (for traditional OAuth)
  • Callback URL configuration (must match what you set in Google Cloud)

Step 6: Publish Your App (Important)

Your OAuth consent screen starts in "Testing" mode, which limits who can authenticate.

Testing Mode Limitations

  • Only users listed as "Test Users" can log in
  • "Unverified app" warning shown
  • Limited to 100 test users

For a live WooCommerce store, you need to publish the app.

How to Publish

  1. Go to APIs & Services → OAuth consent screen
  2. Under "Publishing status," click Publish App
  3. Click Confirm in the popup

What Happens After Publishing:

  • Any user with a Google account can authenticate
  • For most sites, no additional verification is required
  • If you request sensitive scopes (which basic login doesn't), Google may require verification

Do You Need Google Verification?

No verification required if you only use:

  • email
  • profile
  • openid

These are the default scopes for basic Google Sign-In and One Tap.

Verification required if you access:

  • Google Drive
  • Gmail
  • Calendar
  • Other sensitive APIs

Basic login for WooCommerce falls in the first category—no verification needed.

Step 7: Test Your Setup

  1. Open your site in an incognito/private browser window
  2. Go to a page with Google login enabled (checkout, cart, or my account)
  3. You should see the Google One Tap popup appear
  4. Click your account to log in
  5. Verify you're authenticated and can proceed

Testing Checklist

  • One Tap popup appears on checkout
  • One Tap popup appears on cart page
  • One Tap popup appears on my account page
  • Clicking One Tap logs you in successfully
  • New users get WordPress accounts created
  • Existing users (by email) are linked correctly
  • Google Sign-In button works (if enabled)

Troubleshooting Common Issues

"The given origin is not allowed for the given client ID"

Cause: Your domain isn't listed in Authorized JavaScript Origins.

Fix:

  1. Go to Google Cloud Console → Credentials
  2. Click your OAuth Client ID
  3. Under "Authorized JavaScript origins," add your exact domain
  4. Wait 5 minutes for changes to propagate
  5. Clear browser cache and retry

"Sign in with Google temporarily disabled for this app"

Cause: OAuth consent screen is in Testing mode and you're not a test user.

Fix:

  • Either publish your app (Step 6), or
  • Add yourself as a test user: OAuth consent screen → Test users → Add Users

One Tap Popup Doesn't Appear

Common causes:

  1. Not using HTTPS: One Tap requires SSL
  2. Already logged in: One Tap hides if WordPress session exists
  3. Previously dismissed: One Tap has exponential backoff; clear cookies
  4. No Google session in browser: User must be logged into Google somewhere
  5. Domain mismatch: JavaScript origin must match exactly (no trailing slash)

Debugging:

  • Open browser Developer Tools (F12)
  • Check Console for error messages from Google's script
  • Network tab should show successful load of gsi/client

"Error 400: redirect_uri_mismatch"

Cause: You're using traditional OAuth and the redirect URI doesn't match.

Fix:

  1. Check your plugin's required callback URL
  2. Add it exactly to "Authorized redirect URIs" in Google Cloud
  3. Common formats:
    • https://yourdomain.com/wp-login.php
    • https://yourdomain.com/?google-callback
    • (Varies by plugin)

Users See "Unverified App" Warning

Cause: OAuth consent screen is in Testing mode.

Fix: Publish your app (Step 6).

If you've published and still see this, you may need Google verification—but this shouldn't happen for basic login scopes.

Security Best Practices

Do Protect:

  • Client Secret: Never expose this in client-side code
  • Domain restrictions: Only add domains you control to authorized origins

Don't Worry About:

  • Client ID visibility: The Client ID is designed to be public (it's in your site's JavaScript)
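
The difference between the two values can be checked mechanically. The following is an added example, not part of any plugin or Google tooling: it scans content your site serves to browsers and treats a Client ID as expected and a Client Secret as a failure. The GOCSPX- prefix is the one shown in Step 4.3; the pattern lengths, the function name scanServedContent, and all sample file contents are constructed assumptions.

```javascript
// Added example. Pattern lengths and all sample values are assumptions or constructed.
const SECRET_RE = /GOCSPX-[A-Za-z0-9_-]{6,}/g; // prefix as shown in Step 4.3
const CLIENT_ID_RE = /\b\d+-[a-z0-9]+\.apps\.googleusercontent\.com\b/g;

// Keep only the prefix so the report itself does not leak the secret.
const redact = (s) => s.slice(0, 11) + "...";

// files: { path: text } for anything the web server sends to browsers.
function scanServedContent(files) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    text.split("\n").forEach((line, i) => {
      for (const m of line.matchAll(SECRET_RE)) {
        findings.push({ file, line: i + 1, kind: "client_secret", severity: "fail", value: redact(m[0]) });
      }
      for (const m of line.matchAll(CLIENT_ID_RE)) {
        findings.push({ file, line: i + 1, kind: "client_id", severity: "info", value: m[0] });
      }
    });
  }
  return findings;
}

// Constructed sample: a page carrying the public Client ID, and a script that
// wrongly embeds a (fake) Client Secret.
const SAMPLE_FILES = {
  "checkout.html":
    '<div id="g_id_onload"\n     data-client_id="123456789-abcdefghij.apps.googleusercontent.com"></div>',
  "assets/login.js":
    'const cfg = {\n  clientSecret: "GOCSPX-CONSTRUCTED_example_0000",\n};',
};

const report = scanServedContent(SAMPLE_FILES);
for (const f of report) console.log(`${f.severity} ${f.file}:${f.line} ${f.kind} ${f.value}`);
```

A fail finding means the secret has already been exposed to visitors, so remove it from the served file and reset it as described under Rotating Credentials.
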

Recommendations:

  1. Use a dedicated Google account: Create credentials under an account dedicated to your business, not your personal account
  2. Enable 2FA on Google account: Protect access to Google Cloud Console
  3. Monitor OAuth consent screen: Google shows usage statistics and any issues
  4. Separate production/development: Use different credentials for staging and production sites

Managing Multiple Sites

If you run multiple WordPress sites:

Option A: One Project Per Site

  • Create a separate Google Cloud project for each site
  • Cleaner separation, easier to manage per-site

Option B: Multiple Credentials in One Project

  • Create multiple OAuth Client IDs in one project
  • Add each site's domain to its respective Client ID
  • Easier to manage from one dashboard

Both approaches work. Option A is cleaner; Option B is more convenient if you manage many sites.

Credential Maintenance

Rotating Credentials

If you suspect your credentials are compromised:

  1. Go to Credentials in Google Cloud Console
  2. Click your OAuth Client ID
  3. Click Reset Secret (for Client Secret)
  4. Update the new secret in your WordPress plugin
  5. The old secret is immediately invalidated

Deleting Old Credentials

If you decommission a site:

  1. Go to Credentials
  2. Click the trash icon next to the OAuth Client ID
  3. Confirm deletion

This immediately invalidates the credentials and stops all authentication for that Client ID.

Summary

Setting up Google OAuth for WordPress involves:

  1. Creating a Google Cloud project
  2. Configuring the OAuth consent screen
  3. Creating OAuth 2.0 credentials (Client ID)
  4. Adding authorized domains
  5. Publishing the app for public access
  6. Configuring your WordPress plugin

The process takes 10-15 minutes and only needs to be done once per site.

For the smoothest implementation with WooCommerce, use OneTap Login for WooCommerce—it handles the WordPress integration automatically once you provide your Client ID.


Last updated: January 2026