Google is a bundled OAuth2 provider in authsome. It covers Gmail, Drive, Calendar, Sheets, Cloud Storage, and any service under *.googleapis.com. Authsome’s host_url for this provider is a regex (regex:.*googleapis.*).

At a glance

Provider name: google
Display name: Google
Auth type: OAuth2
Default flow: pkce, PKCE browser flow
PKCE supported: Yes
Device code supported: Yes
DCR supported: No
Default scopes: openid, profile
Proxy host: regex:.*googleapis.*
Env var (access_token): GOOGLE_ACCESS_TOKEN
Env var (refresh_token): GOOGLE_REFRESH_TOKEN

Prerequisites

You need to register an OAuth app with Google once. Create OAuth client credentials in the Google Cloud Console under APIs & Services. Pick “Desktop app” or “Web app” with the authsome callback URL. The redirect URI must be:
http://127.0.0.1:7998/auth/callback/oauth
This is the only callback URL authsome’s PKCE flow listens on. Dashboard: https://console.cloud.google.com/apis/credentials.

Log in

uvx authsome login google
The first time, authsome opens a local form at http://127.0.0.1:7998 to collect your client_id and client_secret. They are encrypted under your profile and reused on every subsequent login. A second browser window then opens to https://accounts.google.com/o/oauth2/v2/auth for the authorization step. Verify:
uvx authsome get google --field status
# → connected

Headless setup

For SSH or CI environments, use the device code flow:
uvx authsome login google --flow device_code
See Headless setup for the full flow.

Custom scopes

The bundled definition requests openid, profile. Override at login time:
uvx authsome login google --scopes "<comma-separated>"
The granted scopes are stored on the connection and visible in uvx authsome get google.

Multiple accounts

Pass --connection <name> on login and on every read command to keep two or more accounts on the same provider side by side. See Multiple connections per provider for the full pattern.
uvx authsome login google --connection personal
uvx authsome login google --connection work

Use the token

Run the agent under the proxy. The library tab is for embedding authsome inside a larger Python orchestrator.
uvx authsome run -- python my_agent.py
Under the proxy, authsome sets GOOGLE_ACCESS_TOKEN=authsome-proxy-managed in the child’s environment and injects the real token into outbound requests to regex:.*googleapis.*. The child process never sees the actual value. Refresh tokens are never exported.

Override the bundled definition

uvx authsome inspect google > ~/.authsome/providers/google.json
# edit scopes, base_url, or anything else
uvx authsome list   # source now shows "custom" for google
User-registered files always win over bundled definitions. See Provider schema.
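
The proxy injects the real token into every request whose host matches host_url, so it is worth checking which hostnames a pattern covers before relying on it or overriding it. The script below is an added example, not authsome code: it assumes the pattern is tested against the request hostname only, the sample hostnames are constructed, and the anchored pattern is a hypothetical tighter value, not something authsome ships.

```python
import re

# Value shown on this page for the bundled google provider.
BUNDLED = "regex:.*googleapis.*"
# Hypothetical tighter value (not from authsome): anchored so it gives the
# same answer under re.search, re.match and re.fullmatch.
ANCHORED = r"regex:^([a-z0-9-]+\.)*googleapis\.com$"

# Constructed sample hostnames; the example.* names are placeholders.
SAMPLE_HOSTS = [
    "gmail.googleapis.com",
    "storage.googleapis.com",
    "www.googleapis.com",
    "googleapis.com",
    "accounts.google.com",
    "googleapis.example.net",
    "storage.googleapis.com.example.org",
]


def covered_hosts(host_url: str, hosts: list[str]) -> list[str]:
    """Return the hosts that a 'regex:'-prefixed host_url value matches.

    Assumption: the pattern is tested against the lower-cased request
    hostname only (no scheme, port or path).
    """
    prefix = "regex:"
    if not host_url.startswith(prefix):
        raise ValueError("expected a 'regex:' prefixed host_url")
    pattern = re.compile(host_url[len(prefix):])
    return [h for h in hosts if pattern.search(h.lower())]


def outside_google(hosts: list[str]) -> list[str]:
    """Hosts that are neither googleapis.com nor a subdomain of it."""
    return [h for h in hosts
            if h != "googleapis.com" and not h.endswith(".googleapis.com")]


if __name__ == "__main__":
    for label, value in (("bundled", BUNDLED), ("anchored", ANCHORED)):
        covered = covered_hosts(value, SAMPLE_HOSTS)
        print(f"{label}: covers {len(covered)} hosts; "
              f"outside googleapis.com: {outside_google(covered)}")
```

Run it against the host_url value in your own provider file after editing; an empty "outside googleapis.com" list means the pattern stays within the domain the page describes.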

What’s next

Run agents with the proxy

Inject the access token into outbound requests without exposing it.

Multiple connections per provider

Keep two or more accounts on the same provider side by side.

Provider schema

Every field in a provider definition.

OAuth providers

All bundled OAuth providers.