> ## Documentation Index
> Fetch the complete documentation index at: https://nango.dev/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# How to register your own Google OAuth app
> Register an OAuth app with Google and obtain credentials to connect it to Nango
This guide shows you how to register your own app with Google to obtain your OAuth credentials (client ID & secret). These are required to let your users grant your app access to their Google services.
You will need to pass a Google review to go live with your integration.
[Follow our guide](/api-integrations/google-shared/google-security-review) to get approved as fast as possible.
If you don't already have one, sign up for a [Google Cloud account](https://console.cloud.google.com/).
1. Go to the [Google Cloud Console](https://console.cloud.google.com/).
2. Click on the project dropdown at the top left of the page.
3. Click **New Project**.
4. Enter a **Project Name** for your project.
5. Under **Location**, select the appropriate organization or folder where this project should belong.
If you're not part of an organization, it will default to No organization
6. Click **Create** and wait for the project to be created.
7. Select it from the project dropdown.
1. Go to the [API Library](https://console.cloud.google.com/apis/library) in the Google Cloud Console.
2. Search for the Google APIs you want to use (e.g., Google Drive API, Gmail API, Google Calendar API).
3. Select each API and click **Enable**.
4. Repeat this process for all the APIs your application needs to access.
You need to enable individual Google APIs on the [Google API Console](https://console.cloud.google.com/apis/dashboard) before using them. Google has a unified OAuth system for their various APIs - this provider should work for most of them (e.g. Google Sheets, Gmail, Google Calendar, etc.).
1. Go to **APIs & Services** > **OAuth consent screen** in the Google Cloud Console.
2. Click **Get started**.
3. Fill in all the required fields in the **App Information** form.
4. Click **Next**. Select the appropriate Audience:
* **External**: For applications available to any Google user
* **Internal**: For applications restricted to users within your Google Workspace organization
5. Click **Next**. Fill in the **Contact Information**; these are the email addresses that Google will use to notify you about any changes to your project.
6. Click **Next**, then check the **I agree to the Google API Services: User Data Policy** checkbox, and click **Continue**.
7. Add the scopes your application needs. Under **Data Access**, click **Add or Remove Scopes** and select the scopes that correspond to the APIs you enabled.
8. Under **Audience**, click **Add users** if you selected **External** user type (required for testing before verification).
Google's OAuth consent screen has different configurations for "External" and "Internal" user types. Internal is only available for Google Workspace users and limits access to users within your organization.
In "Testing" mode with an external user type, refresh tokens expire in 7 days unless only basic scopes are used — userinfo.email, userinfo.profile, openid, or their [OpenID Connect equivalents](https://developers.google.com/identity/protocols/oauth2/scopes#openid-connect). You can remove this 7-day limit by switching from Testing to Production (see Step 7 below).
1. Go to **APIs & Services** > **Credentials** in the Google Cloud Console.
2. Click **Create Credentials** and select **OAuth client ID**.
3. Select **Web application** as the application type.
4. Enter a name for your OAuth client.
5. Under **Authorized redirect URIs**, add `https://api.nango.dev/oauth/callback`.
6. Click **Create**.
7. A dialog will appear with your client ID and client secret. Save these credentials securely as you'll need them when configuring your integration in Nango.
While setting up the OAuth credentials, the *Authorized JavaScript origins* should be your site URL (`https://app.nango.dev` if you're testing from the Nango UI).
Follow the [*Quickstart*](/getting-started/quickstart) to build your integration.
Most Google scopes are marked "sensitive" or "restricted" by Google. You need to pass a Google review to go live.
[Follow our guide](/api-integrations/google-shared/google-security-review) to prepare and pass as quickly as possible.
For applications using sensitive or restricted scopes, Google requires verification and a security assessment. This process can take several weeks to complete.
To move your OAuth app from testing to production:
1. Go to **APIs & Services** > **OAuth consent screen** > **Audience**.
2. Click **Publish App** to switch your app from testing to production.
## Important considerations
### Refresh token expiration
For information on why Google refresh tokens expire, see [Why is my Google refresh token expiring?](https://nango.dev/blog/why-is-my-google-refresh-token-expiring).
Google allows up to 100 refresh tokens per account per OAuth client ID; new tokens overwrite the oldest without warning when the limit is reached.
### Scopes and permissions
See [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes) for the complete list and guidance on incremental authorization.
### Rate limits
For rate-limit details, see [Google's documentation on API usage limits](https://developers.google.com/workspace/admin/reports/v1/limits). For Google OAuth basics, see [Google's OAuth 2.0 documentation](https://developers.google.com/identity/protocols/oauth2).
***