In my web application I have implemented Google OAuth2 to connect to Google Sheets and that works just fine.
Now I distribute this web application to different users who use it on multiple websites. Each website needs to get the OAuth2 authorization and that is where I sort of not know what to do.
Let's say I have domain a, b and c and my Google account is [email protected]. In the Google console I create an OAuth2 Client ID and I add the 3 approved redirects for all 3 domains.
In a I enter my client ID and client secret and go through the authorization process and I get an access token, refresh token and some more data. If I now go to website b and do exactly the same, the credentials on website a will become invalid. That makes sense because the refresh token is on site b now.
So the other idea I had was to create 3 OAuth2 clients in the Google Console, one for each domain. However when I go through the authorization here, the refresh token seems to become invalid as well.
My final idea was, that I am going to need 3 different gmail accounts, one for each website and setup the OAuth client for each website in their respective accounts. This would then also mean that I will see 3 different consents in the connections overview at
It just seems cumbersome to have to create a new gmail account every time a website is added.
What is the correct way to go about managing these authorizations?
Any insight is appreciated.
In my web application I have implemented Google OAuth2 to connect to Google Sheets and that works just fine.
Now I distribute this web application to different users who use it on multiple websites. Each website needs to get the OAuth2 authorization and that is where I sort of not know what to do.
Let's say I have domain a, b and c and my Google account is [email protected]. In the Google console I create an OAuth2 Client ID and I add the 3 approved redirects for all 3 domains.
In a I enter my client ID and client secret and go through the authorization process and I get an access token, refresh token and some more data. If I now go to website b and do exactly the same, the credentials on website a will become invalid. That makes sense because the refresh token is on site b now.
So the other idea I had was to create 3 OAuth2 clients in the Google Console, one for each domain. However when I go through the authorization here, the refresh token seems to become invalid as well.
My final idea was, that I am going to need 3 different gmail accounts, one for each website and setup the OAuth client for each website in their respective accounts. This would then also mean that I will see 3 different consents in the connections overview at https://myaccount.google/connections
It just seems cumbersome to have to create a new gmail account every time a website is added.
What is the correct way to go about managing these authorizations?
Any insight is appreciated.
Share asked Mar 3 at 20:17 RolandDRolandD 721 silver badge6 bronze badges1 Answer
Reset to default 1If these 3 sites are all properties you control, you should set up 1 central place that handles OAuth2 and find a different way for the resulting credentials to be shared across the 3 sites.
If these are all owned by different people, because maybe this is an on-premise installation, generally this kind of software always provides instructions per-installation on how they can set up their google account from scratch and get a unique client_id and client_secret.