How To: Google Services Client ID & Secret

Assuming your app is, you have a google/gmail account & are signed in, here are the steps.

  1. Go to:

  1. Click the option as seen above.

  2. Now we need a project to hold our settings / credentials. This will tend to end up as a one project per bubble app.

  1. After clicking + to create a new project you will see the below. Name your project and click create.


  1. Once again, click the below option.

  1. Then select your newly created project.


  1. Click Credentials then Create Credentials and finally API Key.

  1. Click Restrict Key.

  2. Then fill out the Restriction Page,

  1. Click Save.


NOW - FOR OAuth:

  1. Click Credentials then OAuth Consent Screen.

  1. Setup The Consent Settings.

  1. Click Save.

  2. Click Create Credentials & OAuth Client ID.

  1. Fill out the form.

  1. Click Create & your Client ID & Secret will be shown to you.



For each API you intend to use you will need to first enable them.

  1. Go to Library and either search for or select your chosen API.

  1. Click Enable.

Your Done!

If you find an API or difference in your travels, Please help the community and put it in a comment below.


Well done, Jarrad, thanks a lot!


Levon Terteryan
Founder@Bubblewits - #1 No-code Developer & Bubble Certified Partner - Get in Touch! - Buy Great Bubble Templates - Bubble Apps collection

Thanks, Jarrad! Really helps to see everything laid out end to end.

I’ve been having trouble successfully connecting to the google cloud apis (for sql storage) from the API connector on the bubble side. It would be amazing if you could map out an example for where all of these fields go within the API connector & the bubble-side process for connecting!


@jarrad - I agree with @susanne that a part 2 of this guide would be awesome!

I’ve been at it for several hours, and still can’t seem to get Google Drive connected through the API Connector. What you have put up so far has been helpful… started a thread on that here

I have successfully hooked up Google Cloud Vision API via the Bubble API Connector, which was relatively straightforward using a service account API key. However, hooking into Google Cloud Storage API is proving much more difficult. Has anyone had any luck doing so? Maybe you @jarrad? The process seems to be much more convoluted, and I am completely stuck trying to figure out Google’s OAuth2 flow for a service account. It involves obtaining a signed JWT to exchange for a bearer token. I’ve followed Google’s documentation as well as I can, and created what I thought was a valid signed JWT, but when I go to exchange it for the bearer token (in Postman) I ultimately still get an error: “invalid_grant” (error_description: “Invalid JWT signature”). Not having any luck troubleshooting on the web/StackOverflow. Can anyone help?

1 Like

Just looking at a few parts of your message im wondering in what case your using a service account with an API key? but the other thing is when you say OAuth flow - what exactly are you expecting to see using a service account in regards to this? its not a trick question, i have seen a few people go around in circles trying to perform end user tasks with service accounts and expecting the whole auth flow to be the same.

1 Like

I’m trying to get a list of bucket objects from Google Cloud Storage JSON API. Unlike the Cloud Vision API, which has minimal security since it’s just a processing API (therefore allows a simple service account API key to use the API), the Storage API requires OAuth – at least I think it does – because it is in theory accessing user data. In my case, all of the objects are publicly accessible, but I still can’t see any way to get the storage API to return the object list without authenticating with something more than just my service account API key.

When reading the documentation, it seems that Google Cloud Storage JSON API has both a “normal” user OAuth flow as well as a specific flow for applications (service accounts). Reference here:, which includes this excerpt …

A server-centric flow allows an application to directly hold the credentials of a service account to complete authentication. Use this flow if your application works with its own data rather than user data. Google Cloud Platform projects have default service accounts you can use, or you can create new ones.

… and an entire section beneath it on Service Account Credentials, the operative part being this:

When you use a service account to authenticate your application, you do not need a user to authenticate to get an access token. Instead, you obtain a private key from the Google Cloud Platform Console, which you then use to send a signed request for an access token. You can then use the access token like you normally would.

I obtained the private key for my service account (easy), but I keep ending up in circles trying to figure out how to exchange it for the bearer token that I need for my API calls.

Have PM’d you.

Need a JSON Web Token for you project?

1 Like

The keys you need to copy into bubble are the OAuth 2.0 client ID’s Client ID and Client Secret from the Google cloud console:

So the Client ID goes into App ID/API Key and Client Secret goes into App secret

I also couldn’t get this to work until I checked the Use a generic redirect URL and copied that url under the Authorized Redirect URIs back in the Google Cloud Console.



So I understand that the email of a user who has signed up with a social login should be set using an external api > the social login provider’s endpoint

but what should I set the password to? A random string of characters?

Ahhh: UPDATE You don’t have to manually save the email and you don’t make a password (the Oauth provider has us covered on that). Just make changes to the User object like so:


hey Edd - did you manage to get this working as you’ve described using a Google service account key? I too have the requirement to access my entire firebase database and need a single auth rather than for each individual user.

Your response is much appreciated.

1 Like

does it work the way you showed

No, but I don’t think there’s much mystery on the Google side; if memory serves me well, I think it was just the general confusion of how to get a signed JWT. @jarrad may be able to help you (via PM).

thanks Edd!

@jarrad I’ve PM’ed you in the hope you may be able to assist - cheers!

Should I choose individual or external?

I’m trying to do this for the Google Calendar API and since that requires access to sensitive information it looks like Google requests that you register the domain. But I’m not ready to publish by Bubble app and still using the test domain.

For now I’m getting this 403 Error.
Anyone know how to register these test Bubble domains?

Thank you!

Just an update here in 2021

After the user has signed in via Google or Facebook, their profile information such as first_name and profile_photo will be available on the current_user like so:

It’s a little confusing because this data doesn’t show up in the database/user table definitions but… as you can see above… it’s there.