FluxyAPIFluxyAPI
BlocksOAuth Providers

Google OAuth2 Exchange

Authenticate users via Google's OAuth2 and OpenID Connect to retrieve tokens and user profile data.

The Google OAuth2 Exchange block is used to exchange an authorization code for access tokens and user profile information. This is a critical step in implementing "Sign in with Google" or accessing Google APIs like Calendar, Drive, or Gmail.

Core Concept

Think of the Authorization Code as a one-time ticket. After the user approves your app on Google's site, they are sent back to your Redirect URI with this ticket. This block takes that ticket and exchanges it for a permanent set of keys (Tokens) and the user's ID card (Profile).

Configuration

FieldRequiredDescription
Client IDYour Google application's Client ID. Found in the Google Cloud Console.
Client SecretYour Google application's Client Secret. Must be stored as a Secret.
Redirect URIThe URI where Google redirects the user after authorization.
Authorization CodeThe code received from Google (e.g., {request.query.code}).
Token VariableThe variable name where the resulting data will be stored.
Security Requirement

Always store your Client Secret in the project's Secrets configuration. Never hardcode it as a plain string in the block.

Output

Once executed, the block stores a JSON object in your specified variable:

{
  "tokens": {
    "access_token": "ya29.a0AfH6SM...",
    "expires_in": 3599,
    "scope": "openid email profile",
    "token_type": "Bearer",
    "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
  },
  "user": {
    "id": "1061891123456789",
    "email": "[email protected]",
    "verified_email": true,
    "name": "John Doe",
    "picture": "https://lh3.googleusercontent.com/..."
  }
}

You can access specific fields using dot notation:

  • {exchange.user.email}
  • {exchange.tokens.access_token}

Error Handling

  • MISSING_CLIENT_ID — The Client ID field is empty.
  • MISSING_CLIENT_SECRET — The Client Secret selection is empty.
  • MISSING_REDIRECT_URI — The Redirect URI is missing.
  • MISSING_CODE — No authorization code was provided.
  • SECRET_RETRIEVE_ERROR — Failed to retrieve the secret from storage.
  • INVALID_CODE — The authorization code is invalid or has already been used.
  • INVALID_CLIENT — Client authentication failed (check your Client Secret).
  • INVALID_REDIRECT_URI — The Redirect URI does not match the one registered in Google Cloud.
  • INVALID_REQUEST — The request is missing a required parameter.
  • USER_FETCH_ERROR — Failed to retrieve the user profile after token exchange.
  • RUNTIME_ERROR — An unexpected error occurred.

Example

  1. User Login: Redirect your user to Google's Auth URL.
  2. Callback: Google redirects to your endpoint: https://api.yourflux.com/callback?code=4/0Af....
  3. Exchange: Use this block to process the code:
    • Authorization Code: {request.query.code}
    • Token Variable: google_auth
  4. Result: You now have {google_auth.tokens.access_token} to make further API calls.

Other OAuth Providers

On this page