"google" for OAuth in your Traffic Policies without specifying a Google OAuth application, visitors are authenticated using ngrok’s managed Google OAuth instance.
Setting up your own Google OAuth application lets you customize authentication in more detail.
This guide walks you through creating a Google OAuth 2.0 application for your ngrok endpoints.
What you’ll need
- A Google Cloud Platform account and project.
- Your ngrok authtoken and an endpoint with the OAuth action in its Traffic Policy.
1. Configure the consent screen
ngrok configures its OAuth settings in the Google Auth Platform, which replaces the former OAuth consent screen. Follow Google’s OAuth 2.0 setup documentation to configure the consent screen, and set the following for ngrok:- Authorized domains: add
ngrok.comalong with your application’s homepage domain. - Scopes: keep the
emailandprofilescopes selected, and add any additional scopes your application requires. Save the full scope URIs for later. See possible scope URIs for options. - Audience: select whether your application is an internal or external app.
Applications that require Google verification cannot complete setup and are not supported by ngrok.
2. Create credentials for ngrok
Create an OAuth Web application client (see Google’s documentation), and set the following:- Authorized redirect URIs:
https://idp.ngrok.com/oauth2/callback
3. Update your ngrok endpoint Traffic Policy
- Access the ngrok Dashboard Endpoints page and locate an existing endpoint you’d like to add this to or create a new one.
- In your traffic policy, add the following configuration:
You may add any scopes that are required by your application with the following caveats.
- Scopes which require a Facebook app review are unsupported.
- ngrok will enforce that users accept all permissions before completing authorization.
Configure access control
Optionally, configure access control to your service by only allowing specific users or domains.Further resources
- Google OAuth 2.0 Web Server (prerequisite steps)
- GCP Help: Setting up OAuth 2.0
- Google OAuth 2.0 workflow