How to use Google authentication with Python and Authlib
Last update: April 09, 2025
Introduction
Managing usernames, passwords, and user security is often tedious and risky for developers.
Google OAuth streamlines this by allowing users to log in directly with their Google accounts, so your app doesn't have to store passwords or sensitive credentials. Your app decides exactly what user information it needs, such as email addresses or basic profile details, and users agree to share this information.
Follow this article to get going with Google authentication in minutes, using the Authlib package.
Log into your Google Cloud console and select a project
- Open the Google Cloud Console.
- Log in with your Google account.
- From the top of the page, select a project. You can create a new project, or select an existing one.
- From the navigation menu on the left, select APIs & Services ➜ OAuth consent screen.
- Click on "Get Started", provide a name for your app and a support email, then click 'Next'.
- For Audience, choose 'External' to allow anyone with a Google account to use your app.
- In the overview tab, choose "Create OAuth client".
- For the application type, choose web application.
- Provide a name for your application, for example 'AuthClient'.
- Under 'Authorized JavaScript origins', add a URI, then enter the domain for your application. If the application is running on your local machine, specify the local IP address and the port, for example: "http://127.0.0.1:5000"
- Under 'Authorized redirect URIs', add a URI and specify the redirect URL, which is where users are sent after a successful login. For example, "http://127.0.0.1:5000/authorize"
- Click on Create and the application's client ID and client secret will be displayed. You can always copy them again from the Clients tab.
- From the menu on the left, choose "Data Access", then "Add or remove scopes". Check the first three boxes - userinfo.email, userinfo.profile, openid, then scroll down and click on "Update". Then, in the Data Access page, scroll down and save.
- Open your terminal, navigate to your Python folder and (optionally) create a Python virtual environment.
- Install the packages: pip install flask authlib
- Copy the following code to a new file, for example server.py.
- Update your client_id and client_secret.
- Make sure that your /authorize route matches what you defined in 'Authorized redirect URIs' in the Clients tab.
- To start your server, run:
python server.py

from flask import Flask, url_for, session, redirect
from authlib.integrations.flask_client import OAuth
from markupsafe import escape

app = Flask(__name__)
# Signs the session cookie; replace this placeholder with a long random value.
app.secret_key = 'app-secret-key'

oauth = OAuth(app)
google = oauth.register(
    "myApp",
    client_id='Your-google-client-id',
    client_secret='Your-google-secret',
    server_metadata_url='https://accounts.google.com/.well-known/openid-configuration',
    client_kwargs={'scope': 'openid email profile'},
)


@app.route('/')
def homepage():
    print('home page')
    return '<a href="/login">Log in with Google</a>'


@app.route('/login')
def login():
    # Must match an entry under 'Authorized redirect URIs'.
    redirect_uri = url_for('authorize', _external=True)
    return google.authorize_redirect(redirect_uri)


@app.route('/authorize')
def authorize():
    # Checks the state parameter, then exchanges the code for tokens.
    token = google.authorize_access_token()
    session['user'] = token
    userToken = session.get('user')
    userInfo = userToken['userinfo']
    # Escape profile values before placing them in HTML.
    page = f'<h2>Hello {escape(userInfo["given_name"])}</h2>'
    page += '<p><strong>Your email:</strong></p>'
    page += f'<p>{escape(userInfo["email"])}</p>'
    return page


if __name__ == '__main__':
    # debug=True is for local development only.
    app.run(debug=True)
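
Added example, not part of the original article: the 'External' audience lets any Google account sign in, and Flask's default session is a signed but unencrypted cookie, so authorize() can pass the token through a filter like this and store only the result in session['user']. The function name, LoginRejected and the example.com allowlist are assumptions; sub, email_verified and hd are Google ID token claims.

```python
class LoginRejected(Exception):
    """Raised when a Google identity must not get an app session."""


# Assumption: hypothetical policy value, not from the article.
ALLOWED_HOSTED_DOMAINS = frozenset({"example.com"})


def session_user_from_token(token, allowed_hd=ALLOWED_HOSTED_DOMAINS):
    """Return the only fields worth keeping in the session, or raise."""
    claims = token.get("userinfo") or {}
    sub = claims.get("sub")
    if not sub:
        raise LoginRejected("no subject claim in ID token")
    # Fail closed: accept only the boolean True.
    if claims.get("email_verified") is not True:
        raise LoginRejected("email not verified")
    # 'hd' is present only for Google Workspace accounts, so personal
    # accounts are rejected whenever an allowlist is configured.
    if allowed_hd and claims.get("hd") not in allowed_hd:
        raise LoginRejected("account outside allowed organisation")
    # Key the user on 'sub' (stable), not on email (can change).
    # access_token and id_token are deliberately left out of the cookie.
    return {
        "sub": sub,
        "email": claims.get("email"),
        "given_name": claims.get("given_name", ""),
    }


# Constructed sample shaped like the dict returned by
# google.authorize_access_token(); all values are made up.
SAMPLE_TOKEN = {
    "access_token": "constructed-access-token",
    "id_token": "constructed.id.token",
    "expires_in": 3599,
    "userinfo": {
        "sub": "100000000000000000001",
        "email": "alice@example.com",
        "email_verified": True,
        "hd": "example.com",
        "given_name": "Alice",
    },
}

if __name__ == "__main__":
    print(session_user_from_token(SAMPLE_TOKEN))
```

Pass allowed_hd=frozenset() to accept personal Google accounts while still requiring a verified email.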