Authenticating into Node-RED using Google OAuth - Working Solution

Saw some questions in the forum about authenticating into Node-RED using Google OAuth, but couldn't find a working example.
So here is the code after I got it working with passport-google-oauth.

Please let me know if this works for you or not.

adminAuth: {
  type: "strategy",
  strategy: {
    name: "google",
    label: 'Sign in with Google',
    icon: "fa-google",
    // requires: npm install passport-google-oauth
    strategy: require('passport-google-oauth').OAuth2Strategy,
    options: {
      clientID: 'some client id',
      clientSecret: 'some client secret',
      scope: 'email',
      callbackURL: "",
      verify: function (token, tokenSecret, profile, done) {
        // use the Google-verified email address as the Node-RED username
        profile.username = profile.emails.find(x => x.verified).value;
        done(null, profile);
      }
    }
  },
  // every username is accepted and given full permissions
  users: function (username) {
    return Promise.resolve({
      username: username,
      permissions: "*"
    });
  }
}

Does this need any settings in Google APIs? Also, does it need a callback URL that is actually accessible by Google? (Quite a lot of these APIs don't.)

Yes, this required generating a ClientId and ClientSecret at
The "Authorized redirect URIs" I entered there must match the callbackURL that I set in the strategy options in Node-RED.

Adding screenshots of the admin settings below.

Regarding whether the callback really needs to be accessible by Google, I'm afraid I don't know.
My Node-RED instance is publicly available but I don't know if this is a must.


That really helped. Thanks a lot!

Hi all! I want to try this out.

Is there any update on it, or is it fine with the initial code of @cowchimp?


I just implemented this and it works great. A couple of things I noticed:

  1. You need to install passport-google-oauth with npm or you'll get a settings error: npm install passport-google-oauth
  2. I believe a comma is missing after the last close bracket, e.g. },
  3. In the Google credentials settings, you have to add the redirect URL as
  4. MOST IMPORTANT: This allows ANYONE with a Google account to sign in. I'm able to restrict it to my organization / workspace account by leaving it as "internal", but just please be aware!

You can address #4 by changing out the section here:

  users: function (username) {
    return Promise.resolve({
      username: username,
      permissions: "*"
    });
  }

  // replace the function above with a fixed list of users:
  users: [{ username: "", permissions: "*" }]

like you would with the standard "credentials" login type.

One last thing: once you're logged in, your Google profile picture shows up in the upper right-hand corner next to the hamburger menu. 🙂
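
Added example (not code from the original posts or from Node-RED itself): one way to close point 4 above while keeping a function for `users`, by resolving to `null` for any address that is not on an allow-list. `ALLOWED_USERS`, the `example.com` addresses, and the helper names `verifiedEmail`, `lookupUser` and `adminAuthParts` are assumptions made for illustration.

```javascript
// Added example for settings.js: allow-list for the "strategy" adminAuth type.
// ALLOWED_USERS and its addresses are constructed placeholders (assumptions).
const ALLOWED_USERS = new Map([
  ["alice@example.com", "*"],    // full access
  ["bob@example.com", "read"],   // read-only access
]);

// Return the address Google marked as verified, normalised, or null if none.
function verifiedEmail(profile) {
  const emails = (profile && profile.emails) || [];
  const hit = emails.find(e => e && e.verified && typeof e.value === "string");
  return hit ? hit.value.trim().toLowerCase() : null;
}

// Synchronous core: unknown or malformed usernames get null (login refused).
function lookupUser(username) {
  if (typeof username !== "string") return null;
  const key = username.trim().toLowerCase();
  if (!ALLOWED_USERS.has(key)) return null;
  return { username: key, permissions: ALLOWED_USERS.get(key) };
}

// Replacements for the `verify` and `users` entries shown in the thread.
const adminAuthParts = {
  verify: function (token, tokenSecret, profile, done) {
    const email = verifiedEmail(profile);
    // Fail with an explicit error instead of a TypeError on `.value`.
    if (!email) return done(new Error("no verified email in Google profile"));
    profile.username = email;
    done(null, profile);
  },
  // A users function returns a Promise resolving to the user object,
  // or to null when the username is not a known user.
  users: function (username) {
    return Promise.resolve(lookupUser(username));
  },
};
```

Use `adminAuthParts.verify` as `options.verify` and `adminAuthParts.users` as `users` inside the `adminAuth` block.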