Google OAuth2 How to setup a client ID for use in desktop software?
Use this information when you need to connect to Gmail or other Google Cloud Platform services using OAuth2 from a desktop application.
Find more information about the Google OAuth2 end-points and scope values here.
Google OAuth2 specifics
Google supports both the authorization code flow as well as the device code flow for desktop applications. However, google does have a different, more limited set of scope values available when using the device code flow.
Create a client ID
Before you can start to create a client ID you’ll need to have a Google Cloud Platform account. If you don’t have a Google Cloud Platform account yet you can create it here.
The client ID is a part of an application in the Google Cloud Platform. An application in turn is part of a project. so the first part of setting up a client ID is to create a new project.
Setup a client ID for your application by following the following steps:
1. Sign into the Google Cloud Platform (https://console.cloud.google.com)
2. Create a new project by first clicking on ‘Select a project’ on the top of the screen. This will pop the ‘Select a project’ dialog. Next click on ‘New project’ on the ‘Select a project’ dialog.
3. Fill in the project name and organization if applicable. The project name will be shown when authenticating using OAuth2.
After creating the project you’ll automatically select it.
4. Go to the ‘APIs overview’ page.
5. Click on ‘OAuth consent screen’ to setup your project.
Depending on your Google Cloud Platform subscription you may only be able to select ‘External’. Click on ‘Create’ to continue.
6. Fill out your application details in the next screen
Click ‘Save and Continue’ to walk through the pages of this Wizard.
On the ‘Scopes’ page click on ‘Add or remove scopes’. Next either select the scopes that your application needs access to or manually type them in and click on ‘Add to Table’. Click on ‘Update’ to finish this step.
On the ‘Test users’ page you can add test users. It makes sense to add at least one.
If you are using a restricted scope such as ‘https://mail.google.com’ your application needs to be verified by google before it can go live. If you keep your application in ‘Test’ mode you can use it without verification but you will only be able to authorize your selected test users.
7. Click on ‘Credentials’ and on ‘Create Credentials’. Select ‘Create OAuth client ID’ to create an OAuth2 client ID.
Next fill in your application name as it should appear in the OAuth2 authorization screen and select the type of application.
For a desktop application it’s recommended to use the option ‘TV and limited-input devices’ instead of the option ‘Desktop application’.
Click on ‘Create’ to finally show your client ID and client secret.
That’s it. You can use this client ID and secret to connect with OAuth2.