docs: add local setup, testing mode, scopes and troubleshooting to Google OAuth page

[pir-ahsan-raza]

Closes #3235

The Google OAuth single service page didn't cover a few things that
commonly confuse new users, so I added some missing sections.

What I added:

• Local development: localhost works as a redirect URI, no public domain or SSL needed
• Testing mode: you have to manually add test users or the OAuth flow won't work
• OAuth scopes: use the minimum scopes needed, especially with AI agent workflows
• Troubleshooting: redirect_uri_mismatch, access denied, and invalid_client with fixes

Links to the relevant Google docs are included throughout. Let me know if
anything needs changing.

---

Summary by cubic

Expanded and restructured the Google OAuth single‑service docs to make local setup and debugging easier. Adds localhost redirect URI setup (no domain/SSL needed), testing mode with test users and when to publish, minimal scope guidance, and troubleshooting for redirect_uri_mismatch, app not verified/access denied, and invalid_client.

^{Written for commit 5332d6e. Summary will update on new commits. Review in cubic}

[netlify]

✅ Deploy Preview for n8n-docs ready!

Name	Link
🔨 Latest commit	5332d6e
🔍 Latest deploy log	https://app.netlify.com/projects/n8n-docs/deploys/6a0ccb0123b9350007a6f28a
😎 Deploy Preview	https://deploy-preview-4517--n8n-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[CLAassistant]

All committers have signed the CLA.

[cubic-dev-ai]

No issues found across 1 file

Architecture diagram

sequenceDiagram
    participant User as Developer (Browser)
    participant n8n as n8n Server
    participant GConsole as Google Cloud Console
    participant GAuth as Google OAuth Service

    Note over User,GConsole: Phase 1: Configuration (NEWly documented)
    
    User->>GConsole: Create Project & OAuth Client
    User->>GConsole: NEW: Set Redirect URI (e.g., http://localhost:5678/...)
    User->>GConsole: NEW: Configure Testing Mode & add Test Users
    GConsole-->>User: Client ID & Client Secret
    
    Note over User,n8n: Phase 2: n8n Credential Setup
    
    User->>n8n: Input Client ID & Secret
    User->>n8n: NEW: Define Minimum Required Scopes
    n8n->>User: Redirect to Google Authorization URL

    Note over User,GAuth: Phase 3: Runtime Authorization Flow
    
    User->>GAuth: Authenticate with Google Account
    
    alt NEW: Troubleshooting - Client Validation
        GAuth->>GAuth: Check Client ID/Secret
        opt invalid_client
            GAuth-->>User: Error: Check for spaces or incorrect credentials
        end
    end

    alt NEW: Troubleshooting - URI Validation
        GAuth->>GAuth: Match request redirect_uri vs Registered URIs
        opt redirect_uri_mismatch
            GAuth-->>User: Error: Ensure n8n URL matches Console exactly
        end
    end

    alt NEW: Troubleshooting - Testing Mode
        GAuth->>GAuth: Verify if Account is in "Test Users" list
        opt Access Denied / App Not Verified
            GAuth-->>User: Error: User must be added to OAuth Consent screen
        end
    end

    GAuth-->>User: Grant Authorization (Specific Scopes)
    User->>n8n: Return Authorization Code
    n8n->>GAuth: Exchange Code for Access Token
    GAuth-->>n8n: Access Token (Scoped)
    n8n-->>User: Connection Successful

Loading

[pir-ahsan-raza]

Done!

[RoRoJ]

Thanks for your contribution! I've suggested moving this information around quite a bit to keep the doc tightly structured, and help users find the relevant information at the relevant step of the flow.

[RoRoJ]

I think we can avoid adding this as a whole new section by referencing it in an admonition under step 5 of ## Configure your OAuth consent screen. Then simply link to the existing troubleshooting which we can enrich with some more information. For example:

/// note | Testing mode and test users
If you select External, your app will default to Testing mode. In this mode, only Google accounts you manually add as test users can complete the OAuth flow - everyone else will see an "access denied" screen. See Google hasn't verified this app to learn how to add them.
///

...and modify the second bullet point in the troubleshooting to take into account adding other users who are getting the warning message as testers. Also include the "When to publish" admonition.

[RoRoJ]

This whole section should be merged into the existing Troubleshooting section.

[RoRoJ]

I'm not sure this is relevant here in the single service credential page, as the user never sees or configures the scopes, n8n just requests what it needs for that specific service. It could go here as an admonition/warning.

Incidentally, I think the info about test users and the redirect URL for self hosters should be added in the oauth generic doc too, to keep them both up to date and symmetrical.

[RoRoJ]

Hi @pir-ahsan-raza, did you get a chance to look at my suggestions?
Let me know if you'd rather I go ahead and close this PR and apply the suggested modifications myself in a fresh branch, happy to do so.

[pir-ahsan-raza]

Hi @pir-ahsan-raza, did you get a chance to look at my suggestions? Let me know if you'd rather I go ahead and close this PR and apply the suggested modifications myself in a fresh branch, happy to do so.

Sorry for the delay, applying your suggestions now.

[pir-ahsan-raza]

Hi @pir-ahsan-raza, did you get a chance to look at my suggestions? Let me know if you'd rather I go ahead and close this PR and apply the suggested modifications myself in a fresh branch, happy to do so.

Applied all your suggestions. restructured the admonitions, merged the troubleshooting sections, and removed the standalone local dev and scopes sections. Let me know if anything needs adjusting.