---
outline: deep
---

# Google

To enable Google login, add the app id, app secret and scope property to `config/default.json`:

```js
{
  "authentication": {
    "oauth": {
      "google": {
        "key": "<App ID>",
        "secret": "<App Secret>",
        "scope": ["openid"]
      }
    }
  }
}
```

According to the [documentation of Google](https://developers.google.com/identity/protocols/OpenIDConnect#scope-param):
"The scope value must begin with the string openid and then include profile or email or both.".


To also request the email address, add the string "email" to the array of the 'scope' property:
```js
{
  "authentication": {
    "oauth": {
      "google": {
        "key": "<App ID>",
        "secret": "<App Secret>",
        "scope": ["openid", "email"],
        "nonce": true
      }
    }
  }
}
```

The property 'nonce', according to the documentation: "A random value generated by your app that enables replay protection.".

## Application client and secret

The client id (App ID) and secret can be acquired by creating a [OAuth client ID](https://console.developers.google.com/apis/credentials):
1. Click on 'OAuth client ID'
![Creating OAuth client ID - step 1](https://bartduisters.com/img/feathers/oauth-client-id-1.png)
2. Select 'web application', fill in the information and click 'Create'
![Creating OAuth client ID - step 2](https://bartduisters.com/img/feathers/oauth-client-id-2.png)

**Important**: Fill in the callback url, in a default Feathers setup it will be /oauth/google/callback.

3. Replace `<App ID>` and `<App Secret>` with the id and secret of the created OAuth client ID application

```js
{
  "authentication": {
    "oauth": {
      "google": {
        "key": "<client-id>.apps.googleusercontent.com",
        "secret": "<client-secret>",
        "scope": ["openid", "email"],
        "nonce": true
      }
    }
  }
}
```

Note: Use the generated credentials of the OAuth client ID.

Note: `<client-id>` will be replaced by a string similar to **481298021138-hv27glb811ocr7pdon5lsg8hh5a6pgjv**.apps.googleusercontent.com.

Note: `<client-secret>` will be replaced by a string similar to **XkWl0witdP4ogeNIgyOi-CeS**.

## Using the data returned from the Google App through a custom OAuth Strategy

In `src/authentication.js`:

```js
const axios = require('axios');
const { OAuthStrategy } = require('@feathersjs/authentication-oauth');

class GoogleStrategy extends OAuthStrategy {
  async getEntityData(profile) {

    // this will set 'googleId'
    const baseData = await super.getEntityData(profile);

    // this will grab the picture and email address of the Google profile
    return {
      ...baseData,
      profilePicture: profile.picture,
      email: profile.email
    };
  }
}

module.exports = app => {
  const authentication = new AuthenticationService(app);

  authentication.register('jwt', new JWTStrategy());
  authentication.register('local', new LocalStrategy());
  authentication.register('google', new GoogleStrategy());

  app.use('/authentication', authentication);
  app.configure(expressOauth());
};
```
**Important**: googleId, profilePicture and email are properties that should exist on the database model!