How to Configure Google Login with Task Session: Complete Setup Guide

Task Session now supports Google OAuth 2.0 login, allowing users to sign in with their Google accounts for a seamless authentication experience. This comprehensive guide will walk you through the entire process of setting up Google Login with your Task Session installation.

Prerequisites

Before starting the Google Login setup, ensure you have:

  • Task Session installed and running
  • Admin access to your Task Session installation
  • Google account with access to Google Cloud Console
  • Domain with SSL certificate (HTTPS required for OAuth)
  • PHP 8.0+ with cURL and OpenSSL extensions enabled

Step 1: Create Google Cloud Project

1. Visit Google Cloud Console

2. Create New Project

  • Click on the project dropdown at the top
  • Select “New Project”
  • Enter project name: Task Session Google Login
  • Choose your organization (if applicable)
  • Click “Create”

3. Select Your Project

  • Make sure your newly created project is selected
  • You’ll see the project name in the top navigation bar

Step 2: Configure OAuth Consent Screen

1. Navigate to OAuth Consent Screen

  • In the Google Cloud Console, go to “APIs & Services” > “OAuth consent screen”
  • If this is your first time, you’ll need to configure it

2. Choose User Type

  • Select “External” (unless you have a Google Workspace account)
  • Click “Create”

3. Fill in App Information

  • App name: Task Session Login (or your preferred name)
  • User support email: Your email address
  • App logo: (Optional) Upload your Task Session logo
  • App domain: Your Task Session domain (e.g., portal.yourdomain.com)
  • Developer contact information: Your email address
  • Click “Save and Continue”

4. Configure Scopes

  • Click “Add or Remove Scopes”
  • Add the following scopes:
    • openid – OpenID Connect
    • email – See your primary Google Account email address
    • profile – See your personal info, including any personal info you’ve made publicly available
  • Click “Update” then “Save and Continue”

5. Add Test Users (if in Testing mode)

  • If your app is in “Testing” mode, add test user emails
  • Only these users will be able to sign in until you publish the app
  • Click “Save and Continue”

6. Review and Submit

  • Review all the information
  • Click “Back to Dashboard”
  • If you want to publish immediately, click “Publish App” (for production use)

Step 3: Create OAuth 2.0 Credentials

1. Go to Credentials

  • Navigate to “APIs & Services” > “Credentials”
  • Click “Create Credentials” > “OAuth 2.0 Client IDs”

2. Configure OAuth Client

  • Application type: Web application
  • Name: Task Session Google Login
  • Authorized redirect URIs: https://yourdomain.com/vendor/google/g-login/auth/google_callback.php
  • Important:
    • Replace yourdomain.com with your actual Task Session domain
    • The URL must use HTTPS (required for OAuth)
    • Copy this exact URL from your Task Session admin panel (shown in the settings page)

3. Create and Save Credentials

  • Click “Create”
  • A popup will appear with your credentials
  • Copy the Client ID – You’ll need this immediately
  • Copy the Client Secret – You’ll need this immediately
  • Important: Save these credentials securely. The Client Secret will only be shown once!
  • Click “OK” to close the popup

4. Verify Redirect URI

  • In the credentials list, click on your newly created OAuth client
  • Verify the redirect URI is exactly: https://yourdomain.com/vendor/google/g-login/auth/google_callback.php
  • If you need to add multiple redirect URIs (for different environments), you can add them here

Step 4: Configure Task Session

1. Access Google Login Settings

  • Log in to your Task Session admin panel
  • Navigate to System Settings > Google Login
  • Or directly visit: https://yourdomain.com/admin/google-login.php

2. Enable Google Login

  • Check the “Enable Google Login” toggle switch
  • This activates the Google Login feature

3. Configure Registration Settings

  • Allow New Registration via Google:
    • Enabled: New users can create accounts by signing in with Google
    • Disabled: Only existing users can login with Google (no new registrations)
  • Choose the setting that fits your security requirements

4. Enter API Credentials

  • Client ID: Paste your Google OAuth 2.0 Client ID
  • Client Secret: Paste your Google OAuth 2.0 Client Secret
  • Authorized redirect URI: This should auto-populate, but verify it matches your Google Cloud Console setting

5. Save Settings

  • Click “Save Settings” button in the sidebar
  • You should see a success message confirming the settings were saved
  • The status section will update to show your configuration status

6. Verify Configuration

  • Check the “Status” sidebar widget – all items should show green checkmarks:
    • Client ID
    • Client Secret
    • Redirect URI
    • Enabled
  • If any item shows a red X, double-check your configuration

Step 5: Test Google Login

1. Test from Admin Panel

  • In the Google Login settings page, click “Start Google Login” button in the sidebar
  • This will open Google’s authorization page in a new tab
  • Select a Google account to test with
  • You should be redirected back to Task Session

2. Test from Login Page

  • Go to your Task Session login page: https://yourdomain.com/index.php
  • You should see a “Continue with Google” button below the login form
  • Click the button
  • Select your Google account
  • Grant permissions if prompted
  • You should be logged in and redirected to your dashboard

3. Verify User Creation/Login

  • If registration is enabled: A new user account should be created
  • If registration is disabled: Only existing users with matching emails can login
  • Check the user’s account status and profile information
  • Verify the user is redirected to the correct dashboard (Admin/Client/Staff)

Features & Benefits

Once successfully configured, Task Session’s Google Login provides:

Enhanced Authentication

  • Single Sign-On (SSO): Users can sign in with their Google accounts
  • No Password Management: Reduces password-related support requests
  • Secure OAuth 2.0: Industry-standard authentication protocol
  • Two-Factor Authentication: Leverages Google’s 2FA if enabled on user’s account

User Experience

  • Quick Login: One-click authentication with Google
  • Profile Sync: Automatically imports name and profile picture from Google
  • Email Verification: Uses Google’s verified email addresses
  • Seamless Integration: Works alongside traditional email/password login

Account Linking

  • Existing Account Linking: Links Google accounts to existing Task Session accounts
  • Multiple Auth Methods: Users can login with either Google or password
  • Account Security: Prevents account takeover with proper validation

Admin Control

  • Registration Control: Enable or disable new user registration via Google
  • User Management: All Google-login users appear in your user list
  • Account Status: New Google users are created as Client accounts by default

Registration Settings

Registration Enabled

When “Allow New Registration via Google” is enabled:

  • New users can create accounts by signing in with Google
  • Users are automatically created as Client accounts (accountStatus = 2)
  • Profile information (name, email, picture) is imported from Google
  • Email is automatically marked as verified

Registration Disabled

When “Allow New Registration via Google” is disabled:

  • Only existing Task Session users can login with Google
  • New Google sign-ins will show: “Account not found. Google registration is disabled.”
  • Users must be created manually by an admin first
  • Existing users can link their Google account for easier future logins

Account Linking Behavior

  • If a user with the same email exists but uses password login, Google Login will automatically link the accounts
  • After linking, the user can login with either Google or password
  • The account’s auth_provider is updated to “google”
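
The claim checks that should gate automatic linking, as an added example that is not Task Session's own code. It assumes the ID token's signature has already been verified; the function names, the in-memory user array and the sample client ID are hypothetical.

```php
<?php
declare(strict_types=1);
// Added illustration, not Task Session's code. Assumes the ID token signature was
// already verified against Google's published keys, so $claims is the decoded payload.
const GOOGLE_ISSUERS = ['https://accounts.google.com', 'accounts.google.com'];

/** Returns null when the claims are acceptable, otherwise the reason to reject. */
function checkIdTokenClaims(array $claims, string $clientId, int $now): ?string
{
    if (!in_array($claims['iss'] ?? '', GOOGLE_ISSUERS, true)) {
        return 'unexpected issuer';
    }
    if (($claims['aud'] ?? '') !== $clientId) {
        return 'token issued to a different client';
    }
    if ((int) ($claims['exp'] ?? 0) <= $now) {
        return 'token expired';
    }
    // Linking by email is only safe when Google vouches for the address.
    if (!is_string($claims['email'] ?? null) || ($claims['email_verified'] ?? false) !== true) {
        return 'email missing or not verified by Google';
    }
    return null;
}

/** $usersByEmail is a hypothetical stand-in for the user table, keyed by lowercase email. */
function decideLogin(array $claims, array $usersByEmail, bool $registrationEnabled,
                     string $clientId, int $now): string
{
    $reason = checkIdTokenClaims($claims, $clientId, $now);
    if ($reason !== null) {
        return "reject: $reason";
    }
    $user = $usersByEmail[strtolower($claims['email'])] ?? null;
    if ($user === null) {
        return $registrationEnabled
            ? 'register as Client (accountStatus = 2)'
            : 'reject: Account not found. Google registration is disabled.';
    }
    return $user['auth_provider'] === 'google' ? 'login' : 'link account, then login';
}

// Constructed sample data: one password-based user and three sign-in attempts.
$clientId = 'example-client-id.apps.googleusercontent.com';
$users = ['alice@example.com' => ['auth_provider' => 'password']];
$base = ['iss' => 'https://accounts.google.com', 'aud' => $clientId, 'exp' => 2000,
         'email' => 'alice@example.com', 'email_verified' => true];
foreach ([$base, ['email_verified' => false] + $base, ['email' => 'new@example.com'] + $base] as $claims) {
    echo decideLogin($claims, $users, false, $clientId, 1000), PHP_EOL;
}
```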

Troubleshooting

Common Issues and Solutions

“OAuth configuration error”

Problem: Google Login settings page shows configuration error

Solution:

  • Verify Client ID and Client Secret are correctly entered (no extra spaces)
  • Ensure “Enable Google Login” toggle is checked
  • Check that the redirect URI matches exactly in both Google Cloud and Task Session
  • Clear browser cache and cookies

“Invalid OAuth state, please try again”

Problem: State parameter mismatch during OAuth flow

Solution:

  • Clear all cookies for your domain
  • Ensure your site uses HTTPS (required for OAuth cookies)
  • Check that session cookies are working properly
  • Try the login flow in an incognito/private browser window
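
Why a lost or withheld session cookie produces this error, as an added example that is not Task Session's code. The oauth_state key and function names are hypothetical, and an array stands in for $_SESSION so the script runs from the command line.

```php
<?php
declare(strict_types=1);
// Added illustration, not Task Session's code. $session stands in for $_SESSION;
// 'oauth_state' is a hypothetical key name.

/**
 * Cookie settings the session needs for the state value to survive the round trip.
 * In a web request: session_set_cookie_params(sessionCookieParams()); session_start();
 */
function sessionCookieParams(): array
{
    return [
        'path'     => '/',
        'secure'   => true,  // not sent over plain HTTP, so an HTTP site loses the session
        'httponly' => true,  // not readable from page scripts
        'samesite' => 'Lax', // 'Strict' would withhold the cookie on the redirect back from Google
    ];
}

/** Before redirecting to Google: store a fresh, unguessable state value. */
function issueState(array &$session): string
{
    $session['oauth_state'] = bin2hex(random_bytes(32));
    return $session['oauth_state'];
}

/** In the callback: accept the returned state once, then discard it. */
function checkState(array &$session, ?string $returned): bool
{
    $expected = $session['oauth_state'] ?? null;
    unset($session['oauth_state']); // single use: a replayed callback fails
    return is_string($expected) && is_string($returned) && hash_equals($expected, $returned);
}

// Constructed walk-through of the three cases.
$session = [];
$state = issueState($session);
var_dump(checkState($session, $state)); // normal callback, session intact
var_dump(checkState($session, $state)); // same callback replayed
$emptySession = [];                     // session cookie was not sent with the callback
var_dump(checkState($emptySession, $state));
```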

“invalid_grant” Error

Problem: Token exchange fails with invalid_grant error

Solution:

  • Verify Client ID and Client Secret match exactly in Google Cloud and Task Session
  • Ensure the redirect URI is identical in both places (including trailing slashes)
  • Clear all cookies and try a fresh login flow
  • Check that authorization codes are not being reused (they’re single-use)
  • Verify server clock is synchronized (NTP)
  • Regenerate Client Secret in Google Cloud if needed, then update Task Session

“Account not found. Google registration is disabled”

Problem: User tries to login but account doesn’t exist

Solution:

  • If you want to allow new registrations: Enable “Allow New Registration via Google” in settings
  • If registration should be disabled: Create the user account manually first, then they can login with Google
  • Verify the user’s email matches exactly in both systems

“Redirect URI mismatch”

Problem: Google shows redirect URI doesn’t match

Solution:

  • Copy the exact redirect URI from Task Session admin panel
  • Add it to Google Cloud Console > Credentials > OAuth 2.0 Client > Authorized redirect URIs
  • Ensure it uses HTTPS (not HTTP)
  • Check for trailing slashes or path differences
  • Wait a few minutes after adding the URI (Google may cache changes)

Google Sign-In Button Not Showing

Problem: “Continue with Google” button doesn’t appear on login page

Solution:

  • Verify “Enable Google Login” is checked in admin settings
  • Ensure Client ID and Client Secret are entered
  • Check that the status shows all green checkmarks
  • Clear browser cache

User Created but Can’t Access Dashboard

Problem: User logs in but gets redirected back to login page

Solution:

  • Check the user’s accountStatus in the database
  • Verify the user account is activated (status = 1)
  • Check session configuration and cookie settings
  • Review server error logs for session-related issues

Debug Tools

Task Session includes a debug page to help troubleshoot issues:

  • Visit: https://yourdomain.com/vendor/google/g-login/debug/status.php
  • This page shows:
    • Configuration status
    • Database settings
    • Session and cookie information
    • Server time and OpenSSL status
    • Recent error logs
  • Use this information to diagnose configuration problems

Security Best Practices

Credential Security

  • Never share your Client ID and Client Secret publicly
  • Store credentials securely in the database (Task Session does this automatically)
  • Rotate OAuth credentials regularly (every 90 days recommended)
  • Limit access to the admin panel where credentials are stored

OAuth Security

  • Use HTTPS only: OAuth requires secure connections
  • Validate redirect URIs: Only allow your domain’s redirect URI
  • State parameter: Task Session automatically uses CSRF protection via state parameter
  • ID token validation: All tokens are validated before user creation/login

Account Security

  • Registration control: Disable registration if you want manual account creation only
  • Email verification: Google Login uses verified emails automatically
  • Account linking: Existing accounts are properly linked to prevent duplicates
  • Session security: Secure, HttpOnly cookies with SameSite protection

User Management

  • Monitor new registrations: Review new Google-login users regularly
  • Account status: New users are created as Clients by default
  • Profile updates: User profiles are updated from Google on each login
  • Access control: Use Task Session’s role-based access control (Admin/Client/Staff)

Advanced Configuration

Custom OAuth Scopes

Task Session uses the following OAuth scopes (configured automatically):

  • openid – OpenID Connect for authentication
  • email – Access to user’s email address
  • profile – Access to user’s basic profile information

These scopes are minimal and secure – only requesting necessary permissions.

Multiple Environments

To use Google Login in multiple environments (development, staging, production):

  1. Create separate OAuth clients in Google Cloud for each environment
  2. Add each environment’s redirect URI to the respective OAuth client
  3. Configure each Task Session installation with its corresponding credentials
  4. Use different Client IDs/secrets for each environment

Account Status Configuration

By default, new Google Login users are created with:

  • accountStatus = 2 (Client account)
  • This can be changed in the code if needed for your use case
  • Admins can later change user roles as needed

Testing Checklist

After configuration, test the following scenarios:

  • New user registration (if enabled): Sign in with a new Google account
  • Existing user login: Sign in with Google using an existing Task Session email
  • Account linking: Link Google to an existing password-based account
  • Registration disabled: Verify new users see appropriate error message
  • Dashboard redirect: Verify users are redirected to correct dashboard (Admin/Client/Staff)
  • Profile sync: Check that name and profile picture are imported
  • Session persistence: Verify login session persists across page reloads
  • Logout: Test that logout works correctly

Conclusion

Configuring Google Login with Task Session provides a modern, secure authentication experience that:

  • Improves user experience with one-click login
  • Reduces password management overhead
  • Enhances security with OAuth 2.0 and Google’s infrastructure
  • Streamlines onboarding for new users (if registration enabled)

The setup process is straightforward and takes only a few minutes to complete. Once configured, your users will benefit from a seamless login experience.

Next Steps

After successful configuration:

  1. Test thoroughly with different user scenarios
  2. Train your team on the new Google Login feature
  3. Monitor user adoption and gather feedback
  4. Review security settings regularly
  5. Keep credentials updated and rotate them periodically
