Google OAuth with Clerk

How to connect Google as a social sign-in provider for Nümi. Nümi uses Clerk for authentication; Google OAuth is configured in the Clerk Dashboard and (for production) in Google Cloud Console.

Official reference: Add Google as a social connection.

Prerequisites

• A Clerk application (see environment variables in the root README.md)
• A Google Developer account

Development instances

For development Clerk instances, Clerk provides shared OAuth credentials and redirect URIs. No Google Cloud project is required.

1. Open the Clerk Dashboard → SSO connections.
2. Add connection → For all users.
3. Choose Google from the provider list.

Production instances

For production, you must use custom Google OAuth credentials. Keep two tabs open: Clerk SSO connections and Google Cloud Console.

1. Enable Google in Clerk

1. SSO connections → Add connection → For all users → Google.
2. Turn on Enable for sign-up and sign-in and Use custom credentials.
3. Copy and store the Authorized Redirect URI shown by Clerk; you will paste it into Google Cloud.

2. Create OAuth credentials in Google Cloud

1. In Google Cloud Console, select or create a project.
2. APIs & Services → Credentials.
3. Create credentials → OAuth client ID. Configure the OAuth consent screen if prompted.
4. Application type: Web application.
5. Authorized JavaScript origins: add your site (e.g. https://your-domain.com, and https://www.your-domain.com if used). For local testing, add http://localhost:PORT with your dev server port.
6. Authorized redirect URIs: paste the Authorized Redirect URI from Clerk.
7. Create and store the Client ID and Client Secret securely.

3. Finish in Clerk

Paste the Client ID and Client Secret into the Google connection in Clerk and Save. If the form was closed, reopen the connection under SSO connections and fill Use custom credentials.

4. Test

Use the Clerk Account Portal sign-in link to try Google sign-in.

Google does not allow authentication inside WebViews; use a normal browser. See Clerk’s note and Google’s guidance for native or in-app browser cases.

Publishing status (production)

On APIs & Services → OAuth consent screen, external apps start in Testing (limited test users). For public sign-in, set publishing to In production and complete Google’s verification as required. Production Clerk apps should use a Google OAuth client that is appropriate for your audience so users are not blocked.

Optional: block email subaddresses

Clerk can block Google accounts whose emails contain +, =, or # to reduce alias-abuse risk. Configure under the Google connection on SSO connections → Block email subaddresses. Existing accounts that violate the rule may be blocked if enabled.

Optional: Google One Tap

After Google is enabled, you can add Clerk’s One Tap UI; see Clerk’s Google One Tap section and component docs linked from that page.

Related docs

• Architecture — Auth — Clerk + JWT in Nümi
• plans/CLERK_SETUP.md — broader Clerk setup notes