Google Apps created for Social Login now need to be verified by Google. Verification is required if your app is marked as Public. Before your consent screen and application are verified by Google, you can still test your application with some limitations. Once the limitation is exceeded, users will receive a notification from Google that the App is not verified and probably isn’t trustworthy.

So, before proceeding, please have a look at the Unverified apps documentation, which indicates how unverified apps may behave. If you would like to know more information about the verification itself, please check the OAuth Application Verification FAQ of Google.

Enable login in WordPress

1. App creation

To be able to log in via Google, you must create a Google app first.

1. Navigate here.
2. Log in with your Google credentials if you are not logged in.
3. If you don’t have a project yet, you’ll need to create one. You can do this by clicking on the blue “Create Project” text on the right side! ( If you already have a project, then in the top bar, click on the name of your project instead, which will bring up a modal, and click “New Project”. )
4. Name your project and then click on the “Create” button again!
5. Once you have a project, you’ll end up in the dashboard. ( If earlier you have already had a Project, then make sure you select the created project in the top bar! )
6. Click the “OAuth consent screen” button on the left-hand side.
7. Choose a User Type according to your needs and press “Create”. If you want to enable the social login with Google for any users with a Google account, then pick the “External” option!
   Note: We don’t use sensitive or restricted scopes either. But if you will use this App for other purposes too, then you may need to go through an Independent security review!
8. Enter a name for your App in the “App name” field, which will appear as the name of the app asking for consent.
9. For the “User support email” field, select an email address that users can use to contact you with questions about their consent.
10. Fill the “Application home page” field with the URL of your homepage.
11. Enter your privacy policy and terms of service links into the “Application privacy policy link” and “Application terms of service link” fields.
12. Under the “Authorized domains” section, press the “Add Domain” button and enter your domain name, without subdomains! E.g.: example.com
13. At the “Developer contact information” section, enter an email address that Google can use to notify you about any changes to your project.
14. Press “Save and Continue”, then press it again on the “Scopes”, “Test users” pages, too!
15. On the left side, click on the “Credentials” menu point, then click the “+ Create Credentials” button in the top bar.
16. Choose the “OAuth client ID” option.
17. Select “Web application” under Application type.
18. Enter a “Name” for your OAuth client ID.
19. Under the “Authorised redirect URIs” section, click “Add URI” and add the URL that Nextend Social Login suggests at the backend!
20. Click on the “Create” button
21. A modal should pop up with your credentials. If that doesn’t happen, go to the Credentials in the left-hand menu and select your app by clicking on its name, and you’ll be able to copy-paste the “Client ID” and “Client Secret” from there.
22. Currently, your App is in Testing mode, so only a limited number of people can use it. To allow this App for any user with a Google Account, click on the “OAuth consent screen” option on the left side, then click the “PUBLISH APP” button under the “Publishing status” section, and press the “Confirm” button.

2. App setup

Once your Google app is ready, you’ll need to copy and paste the Client ID and Client Secret to the Google provider’s Settings tab. You can find the information at your Google app’s Settings, which you can reach from the left sidebar.

3. Verification

Once your Client ID and Client Secret have been added, you need to verify the setup first. This verification helps you identify possible problems with the app.

Settings

• Client ID: The Client ID of your Google app. You can find it in the left menu: Credentials → select your App.
• Client Secret: The Client Secret of your Google app. You can find it in the left menu: Credentials → select your App.
• Select account on each login: When enabled, Google will display the account select prompt each time the user logs in with the Google provider.

Other settings

Username prefix on Register

Whenever a new user registers with their Google account, they can get a custom prefix so you can easily identify them.

Fallback username prefix on register

Whenever a new user registers with their Google account and we can not generate a valid username from the first name or last name, a random username will be generated. With this option, they can get a custom prefix so you can easily identify them.

Terms and conditions

This option can only be seen if Terms and Conditions is set to Show in the Global Settings → Privacy tab. Here, you can set custom Terms and Conditions for users who register with Google. For more information, please read our Privacy documentation.

Sync data

By default, Nextend Social Login stores the first name, last name, email, avatar url and access token if it is possible, however, some additional information can also be retrieved and stored.

When an option is checked, that field will be stored in a meta key with the specified name.

• Sync fields: These determine when the synchronization shall happen. Whenever a user registers, logs in, or links an existing WordPress account with a provider, their data will be retrieved and stored.
• Locale: Stores the user’s locale. Returns string.
• Genders*: Stores the user’s genders. Returns string.
• Biographies*: Stores the user’s introduction. Information is set on the Google – About Me page. Returns string.
• Birthdays*: Stores the user’s birthday. Returns a string in the format: YYYY-MM-DD.

• Occupations*: Stores the user’s occupation. Information is set on the Google – About Me page. Returns string.
• Organizations*: Stores the user’s organization information from Google – About Me( Stored values: name, title, type, start date, end date, is it current). Returns array.
• Locations*: Stores the place where the user lives or where the user used to live. Information is set on the Google – About Me page. Returns array.
• Age ranges*: Stores the user’s age range. Returns string.
• Addresses*: Stores the addresses of the user. Information is set on the Google – About Me page. Returns array.
• Phone Numbers*: Stores the user’s phone numbers. Information is set on the Google – About Me page. Returns array.

Branding Guidelines

According to the Google Sign-In Branding Guidelines, the button needs to comply with some requirements. At the buttons tab of the Google provider, there are predefined skins (light and dark), which comply with those requirements.

Common error messages

redirect_uri_mismatch

The redirect URI in the request, https://yoursite.com/wp-login.php?loginSocial=google (where the yoursite.com is your domain), does not match the ones authorized for the OAuth client.

Access blocked: This app’s request is invalid

You can’t sign in because this app sent an invalid request. You can try again later or contact the developer about this issue. Learn more about this error
If you are a developer of this app, see the error details.
Error 400: redirect_uri_mismatch

The problem is that the entered Authorized redirect URIs field is not correct for your app. Check the 19th step of the App setup to fix the problem.

invalid_client

Error: invalid_client The OAuth client was not found.

The entered Client ID is not correct. Maybe the app with the entered ID was deleted. Go to the Google provider → Settings and make sure that an existing App’s Client ID and Client Secret was entered.

Request is missing required authentication credential

Error: Request is missing required authentication credentials. Expected OAuth 2 access token, login cookie, or another valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.

The entered Client ID or Client Secret is not correct, it probably contains some extra white-space characters. Make sure you copied the Client ID and the Client Secret in the appropriate format.

Error 403: org_internal

This client is restricted to users within its organization.

The “User Type” in your App was set to “Internal”. The problem is that the internal Apps can only be used by the members of the organization. If the goal is to make the app usable by everybody, the “External” User Type must be selected, as we suggested in the 7th step of the Getting Started Section.

Other 403 and 404 errors

When your other providers work properly, but your Google provider gives you a 403 or 404 error, your server or firewall will most likely have a limitation that prevents access to pages with HTTP/HTTPS links in them. For more information, please visit our Google 403 & 404 errors documentation.

FAQ

Why am I not logged in automatically after the version 3.0.19?

For a better user experience, we modified our Google authentication-related codes. So once the user was already logged in with the Google provider and logged out, then the person will have the opportunity to choose a different Google account.

It was a common problem that users logged in with a Google account other than the one they wanted, so they logged out from the site. But from this point, the login happened automatically with the selected account.

Fortunately, Google offers an account selector scope, so starting from Nextend Social Login 3.0.19, the account selection box will be offered instead of the auto login. In this way, users will be able to choose the account they would like to log in with.