Skip to main content
By default, if you use "google" for OAuth in your Traffic Policies without specifying a Google OAuth application, visitors are authenticated using ngrok’s managed Google OAuth instance. Setting up your own Google OAuth application lets you customize authentication in more detail. This guide walks you through creating a Google OAuth 2.0 application for your ngrok endpoints.

What you’ll need

  • A Google Cloud Platform account and project.
  • Your ngrok authtoken and an endpoint with the OAuth action in its Traffic Policy.
ngrok configures its OAuth settings in the Google Auth Platform, which replaces the former OAuth consent screen. Follow Google’s OAuth 2.0 setup documentation to configure the consent screen, and set the following for ngrok:
  • Authorized domains: add ngrok.com along with your application’s homepage domain.
  • Scopes: keep the email and profile scopes selected, and add any additional scopes your application requires. Save the full scope URIs for later. See possible scope URIs for options.
  • Audience: select whether your application is an internal or external app.
Applications that require Google verification cannot complete setup and are not supported by ngrok.

2. Create credentials for ngrok

Create an OAuth Web application client (see Google’s documentation), and set the following:
  • Authorized redirect URIs: https://idp.ngrok.com/oauth2/callback
Securely store the Client ID and Client secret from the final screen for use in your Traffic Policy below. The client secret is shown only once.

3. Update your ngrok endpoint Traffic Policy

  1. Access the ngrok Dashboard Endpoints page and locate an existing endpoint you’d like to add this to or create a new one.
  2. In your traffic policy, add the following configuration:
You may add any scopes that are required by your application with the following caveats.
Click Save to validate and update your traffic policy.

Configure access control

Optionally, configure access control to your service by only allowing specific users or domains.

Further resources