This guide shows how to configure Coder to authenticate users with Google using OpenID Connect (OIDC).

- A Google Cloud project with the OAuth consent screen configured

- Permission to create OAuth 2.0 Client IDs in Google Cloud

1. Open Google Cloud Console → APIs & Services → Credentials → Create Credentials → OAuth client ID.

2. Application type: Web application.

3. Authorized redirect URIs: add your Coder callback URL:

4. Save and note the Client ID and Client secret.

Set the following environment variables on your Coder deployment and restart Coder:

Google uses auth URL parameters to issue refresh tokens. Configure:

After changing settings, users must log out and back in once to obtain refresh tokens.

Learn more in[Configure OIDC refresh tokens](./refresh-tokens.md).

- "invalid redirect_uri": ensure the redirect URI in Google Cloud matches`https://<your-coder-host>/api/v2/users/oidc/callback`.

- Domain restriction: if users from unexpected domains can log in, verify`CODER_OIDC_EMAIL_DOMAIN`.

- Claims: to inspect claims returned by Google, see guidance in the[OIDC overview](./index.md#oidc-claims).

-[OIDC overview](./index.md)

-[Configure OIDC refresh tokens](./refresh-tokens.md)

"description":"Configure OpenID Connect authentication with identity providers like Okta or Active Directory",

"path":"./admin/users/oidc-auth/index.md",

"children": [

{

"title":"Google",

"description":"Configure Google as an OIDC provider",

"path":"./admin/users/oidc-auth/google.md"

},

{

"title":"Configure OIDC refresh tokens",

"description":"How to configure OIDC refresh tokens",