Enabling Google OAuth Locally for n8n: macOS and Windows Guide

Revanth Reddy Tondapu
Aug 15
3 min read

For reliable, no-hassle local testing of Google OAuth with n8n on macOS or Windows, use the Installed (Desktop) app flow. If you require a public callback URL for full browser-based flows, only a custom, verified domain pointed to your tunnel (e.g., ngrok) satisfies Google’s domain requirements—public tunnels alone (ngrok.io, localhost.run) cannot be authorized.

1. Why Local OAuth Requires Special Handling

Google’s OAuth consent screen demands that any domain you list be:

A top-level domain you own and verify in Google Search Console.
Present in your OAuth client’s Authorized redirect URIs.

“localhost” and multi-tenant tunnels (ngrok.io, localhost.run) are not owner-verified, so Google blocks them.

2. Method 1: Desktop (Installed) App OAuth Client

Best for: Quick local development on macOS or Windows—no public URL required.

Why It Works

Installed applications bypass the Authorized Domains check and permit localhost redirect URIs.

Step-by-Step (macOS & Windows)

Sign in to Google Cloud Console, select your project.
Go to APIs & Services > Credentials.
Click Create Credentials > OAuth client ID.
Choose Application type: Desktop app.
Name it (e.g., “n8n Local Dev”) and click Create.
Copy the generated Client ID and Client Secret.
In n8n credentials (UI or environment variables), set:

N8N_OAUTH2_CREDENTIALS_GOOGLE_CLIENT_ID=<Client ID> N8N_OAUTH2_CREDENTIALS_GOOGLE_CLIENT_SECRET=<Client Secret>

Ensure your OAuth node’s redirect URI is:

http://localhost:5678/rest/oauth2-credential/callback

Start n8n:
- macOS & Windows:

n8n start

Trigger the OAuth flow in n8n. Google redirects to localhost, and n8n captures the token automatically.

Result: OAuth completes successfully without domain or tunnel setup.

3. Method 2: Custom Domain + Tunnel (Advanced)

Best for: Full browser-based OAuth flows (webhooks, CORS) on macOS or Windows.

Overview

Use a domain you control and verify in Search Console.
Point a subdomain at your tunnel endpoint.
Add your root domain to Authorized domains.
Configure a Web application OAuth client with the custom subdomain callback.

Step-by-Step

A. Domain & DNS Configuration

Buy or use dev-example.com.
In DNS, add:

n8n.dev-example.com CNAME <your-ngrok-subdomain>.ngrok-free.app

Verify dev-example.com in Google Search Console.

B. Google Cloud Settings

OAuth consent screen > Branding
- Add dev-example.com under Authorized domains.
APIs & Services > Credentials
Create/Edit OAuth client ID → Web application.
Under Authorized redirect URIs, add:

https://n8n.dev-example.com/rest/oauth2-credential/callback

C. Tunnel Setup

Install and run your tunnel tool (ngrok, Cloudflare Tunnel, etc.) on macOS or Windows:

# ngrok example
ngrok http 5678

Confirm n8n.dev-example.com forwards correctly.

D. n8n Configuration

In OAuth credentials, set:

Auth URI:     https://accounts.google.com/o/oauth2/auth
Token URI:    https://oauth2.googleapis.com/token
Redirect URI: https://n8n.dev-example.com/rest/oauth2-credential/callback
Client ID/Secret: (from Web application client)

E. Run & Verify

Open https://n8n.dev-example.com in browser.
Trigger OAuth; Google redirects back and n8n logs the token.

4. Platform-Specific Tunnel Installation

Platform	ngrok Install	Alternative Tunnel
macOS	brew install --cask ngrok	Cloudflare: brew install cloudflared
Windows	Download from ngrok.com, add to PATH	Cloudflare: Download and install cloudflared CLI

5. Troubleshooting & Tips

401 Unauthorized: Expected for /rest/login before n8n session; harmless.
Redirect URI mismatch: Ensure exact match of protocol, domain, port, and path.
Domain save errors: Public tunnel domains can’t be added—use Desktop App or verified domain.
Tunnels expire: Free ngrok URLs change each session; adjust DNS/CNAME or upgrade for fixed subdomains.

6. Method Comparison

Method	Domain Ownership Req’d?	Authorized Domains	Setup Effort	Use Case
Desktop App OAuth	No	Not needed	Low	Simple localhost testing
Custom Domain + Tunnel	Yes	Verified domain	High	Full web-app OAuth flows
Public Tunnel Only (ngrok)	No	Not allowed	Medium	Non-Google OAuth or short tests

✅ Summary

Desktop (Installed) App OAuth is the fastest, works on both macOS and Windows with no domain hurdles.
Custom domain + tunnel is the only way to meet Google’s domain requirements for web application OAuth flows.
Public tunnels alone cannot satisfy Google’s consent screen rules and are best reserved for non-Google OAuth tests.

Choose the method that aligns with your development needs and environment to ensure smooth, local testing of Google OAuth with n8n.