Verification Checklist
Confirm that your Google Cloud project, OAuth credentials, Supabase connection, and API keys are all set up correctly before building.
Work through this checklist in order. Each item has a clear way to verify it — don't mark it done until you've confirmed it, not just completed the steps.
If anything fails, the table at the bottom of this page maps every error to its fix.
Google Cloud Project
GCP project created and selected
Open console.cloud.google.com. Look at the project selector in the top navigation bar (to the right of the Google Cloud logo).
Expected: Your project name appears — for example, EduTrack or My School App.
Fail: Shows "Select a project" or a different project name. Click the selector and choose your project.
Billing account linked
In the left sidebar, click "Billing".
Expected: The billing page shows your billing account name and status as "Active".
Fail: Shows "This project has no billing account." Click "Link a billing account" and follow the steps on the Project Setup page.
Budget alert configured
Still in Billing, click "Budgets & alerts".
Expected: At least one budget appears in the list, set to ₹500 (or your chosen amount), with status Active.
Fail: Empty list. Go back to the Project Setup page and create the budget alert.
OAuth Consent Screen
Consent screen configured
Go to "APIs & Services" → "OAuth consent screen".
Expected: The page shows your app name, support email, and configured scopes. The status should show "Needs verification" or "In production" — either is fine for this stage.
Fail: Shows "OAuth consent screen not configured." Follow the steps on the OAuth Credentials page.
Test user added
On the OAuth consent screen page, scroll down to the "Test users" section.
Expected: Your Gmail address appears in the test users list.
Fail: The list is empty or your email is missing. Click "+ ADD USERS", enter your Gmail, and save.
OAuth Credentials
OAuth Client ID created
Go to "APIs & Services" → "Credentials".
Expected: Under "OAuth 2.0 Client IDs", at least one entry appears with your chosen name (e.g., "Web Client").
Fail: No entries in that section. Follow the OAuth Credentials page to create one.
Supabase callback URL in Authorized Redirect URIs
Click the pencil icon on your OAuth client to open it. Scroll to "Authorized redirect URIs".
Expected: Your Supabase callback URL appears exactly as it is shown in Supabase (e.g., https://abcdefghijklmnop.supabase.co/auth/v1/callback).
Fail: The URL is missing or has a typo (trailing slash, http instead of https, wrong project reference). Copy the URL from Supabase → Authentication → Providers → Google → Callback URL and paste it here exactly.
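The comparison behind this check, as an added example that is not part of the original checklist: a small shell function that reports which of the typos listed above makes a pasted redirect URI differ from the Supabase callback URL. The function names and result labels are hypothetical, and the sample URL is the placeholder project reference used on this page.

```shell
#!/bin/sh
# Added example. Prints the first difference between the callback URL shown
# in Supabase and the entry pasted into Google's "Authorized redirect URIs".
# The checklist requires the two strings to be identical.

# Path component of a URI ("/" when there is none).
uri_path() {
    rest=${1#*://}
    case $rest in
        */*) printf '/%s' "${rest#*/}" ;;
        *)   printf '/' ;;
    esac
}

diagnose_redirect_uri() {
    expected=$1   # Callback URL copied from Supabase
    actual=$2     # Entry under "Authorized redirect URIs" in Google Cloud
    if [ "$expected" = "$actual" ]; then echo "exact-match"; return 0; fi

    # Copy/paste often adds a leading or trailing space or newline.
    stripped=$(printf '%s' "$actual" | tr -d '[:space:]')
    if [ "$stripped" = "$expected" ]; then echo "stray-whitespace"; return 1; fi

    e_rest=${expected#*://}; a_rest=${stripped#*://}
    if [ "${expected%%://*}" != "${stripped%%://*}" ]; then
        echo "scheme-mismatch"      # http instead of https
    elif [ "${e_rest%%/*}" != "${a_rest%%/*}" ]; then
        echo "host-mismatch"        # wrong project reference
    elif [ "$(uri_path "$stripped")" = "$(uri_path "$expected")/" ]; then
        echo "trailing-slash"
    else
        echo "path-mismatch"
    fi
    return 1
}

# Constructed sample input, using this page's placeholder project reference.
SUPABASE_CALLBACK="https://abcdefghijklmnop.supabase.co/auth/v1/callback"
diagnose_redirect_uri "$SUPABASE_CALLBACK" "$SUPABASE_CALLBACK/" || true
```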
Client ID and Secret saved to VaultMate
Open VaultMate. Search for your project name.
Expected: An entry exists with category OAuth, title Google OAuth, containing both the Client ID and Client Secret.
Fail: No entry. Open the OAuth client in Google Cloud Console (pencil icon to edit, then the eye icon to reveal the Secret) and save both values to VaultMate now.
Supabase OAuth Configuration
Google provider enabled in Supabase
Open your Supabase project. Go to Authentication → Providers. Find Google in the list and expand it.
Expected: The toggle shows "Enabled", and your Client ID and Client Secret are filled in.
Fail: Toggle is off or credentials are blank. Follow the Supabase OAuth page to configure it.
Live Test — Sign in with Google
This is the most important check. Running through the steps above only confirms the configuration exists — this test confirms it actually works.
Open your app's login page
If you have a local dev server running, open http://localhost:3000 (or your configured port) in your browser.
If you don't yet have a login page with Google OAuth implemented, you can use the Supabase dashboard test: Authentication → Users → "Invite user" to confirm the provider is working, or use a quick test script.
Click "Sign in with Google"
Your app should initiate the OAuth flow — the browser address bar should change to an accounts.google.com/... URL.
Expected: Google's account selection screen appears, showing your app name (from the consent screen configuration).
Fail: Browser shows your app's error page, or nothing happens. Check the browser console (press F12 → Console tab) for error messages. Common error: Client ID not matching, or signInWithOAuth not called correctly.
Select your Google account
Click your Gmail account (the one you added as a test user).
Expected: Google shows a permissions screen listing email and profile scopes. Or, if you've already authorized this app before, it may skip straight to redirecting back to your app.
Fail: Google shows access_blocked: This app's request is invalid. Your consent screen is misconfigured — go back to the OAuth consent screen page and ensure scopes are added and test users are configured.
Complete the login
Click "Continue" or "Allow" on the Google permissions screen.
Expected: Browser redirects back to your app. You are logged in. If your app has a dashboard or profile page, it loads correctly.
Fail: Browser shows a blank page or an error. Check the URL for clues — a redirect_uri_mismatch in the URL means the callback URL is wrong. An error in your app's console means the callback page has a bug.
Confirm the user exists in Supabase
In the Supabase dashboard, go to Authentication → Users.
Expected: Your Gmail address appears in the users list with provider listed as google.
Fail: User list is empty after login. The OAuth flow may have succeeded with Google but failed when Supabase tried to create the user. Check Supabase logs: Logs → Auth for error details.
API Keys (if you enabled Maps APIs)
Required APIs enabled
Go to "APIs & Services" → "Enabled APIs & services".
Expected: All APIs you need appear in this list. For EduTrack, you should see:
- Maps JavaScript API
- Places API
- Geocoding API
- Directions API
Fail: An API you need is missing. Go to the Library and enable it.
API key created with restrictions
Go to "APIs & Services" → "Credentials". Under "API keys", your key should appear.
Click the pencil icon to open it. Confirm:
- Application restrictions: "HTTP referrers (websites)" is selected with your domains listed
- API restrictions: "Restrict key" is selected with only the required APIs listed
Fail: Either restriction says "None". Click "RESTRICT KEY" and configure both restrictions before using the key anywhere.
API key saved to VaultMate and .env
Confirm the key exists in VaultMate under your project name, category API Key.
Confirm VITE_GOOGLE_MAPS_API_KEY exists in your .env file.
Confirm .env is in your .gitignore and not committed to git.
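One way to run the three .env confirmations above from a terminal, as an added example that is not part of the original checklist. It assumes git is on the PATH and the project directory is a git repository; the function names are hypothetical. It also checks commit history, because a key that was committed once stays retrievable after .env is added to .gitignore.

```shell
#!/bin/sh
# Added example. Usage (assumed file name): sh check_env.sh /path/to/project

# True when NAME ($2) has a non-empty value in the .env file ($1).
env_has_key() {
    grep -Eq "^[[:space:]]*(export[[:space:]]+)?$2=[\"']?[^\"'[:space:]]" "$1" 2>/dev/null
}

# Prints one line per finding; the return status is the number of failures.
check_env_hygiene() {
    dir=$1; problems=0
    if ! env_has_key "$dir/.env" VITE_GOOGLE_MAPS_API_KEY; then
        echo "FAIL: VITE_GOOGLE_MAPS_API_KEY is missing or empty in .env"
        problems=$((problems + 1))
    fi
    # --no-index evaluates the ignore rules even if the file is already tracked.
    if ! git -C "$dir" check-ignore -q --no-index .env; then
        echo "FAIL: no .gitignore rule matches .env"
        problems=$((problems + 1))
    fi
    # A file added before the ignore rule existed stays tracked.
    if git -C "$dir" ls-files --error-unmatch .env >/dev/null 2>&1; then
        echo "FAIL: .env is tracked; untrack it with: git rm --cached .env"
        problems=$((problems + 1))
    fi
    # Any commit touching .env means the key is in history and should be rotated.
    if [ -n "$(git -C "$dir" log --all --oneline -- .env 2>/dev/null)" ]; then
        echo "FAIL: .env appears in commit history; rotate the API key"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK: .env checks passed"
    return "$problems"
}

# Run against a project directory when one is passed on the command line.
if [ -n "${1:-}" ]; then check_env_hygiene "$1"; fi
```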
Quick reference — error to fix mapping
| Error you see | Root cause | Fix |
|---|---|---|
| redirect_uri_mismatch | Supabase callback URL not in Google's Authorized Redirect URIs | Add the exact Supabase callback URL to your OAuth client's redirect URIs list |
| access_blocked: Invalid request | OAuth consent screen not configured or app not registered | Complete the consent screen configuration |
| access_blocked: Authorization Error | Your account is not in the test users list | Add your Gmail to the test users section of the consent screen |
| 403: org_internal | User type set to "Internal" instead of "External" | Change user type to External on the consent screen page |
| The OAuth client was not found | Wrong Client ID, or using credentials from a different project | Confirm the Client ID in Supabase matches the one in Google Cloud |
| Google login works but Supabase shows no user | Supabase can't verify with the Client Secret | Re-enter the Client Secret in Supabase; confirm it matches Google Cloud |
| Map shows grey box with error text | Maps JavaScript API not enabled | Enable Maps JavaScript API in the API Library |
| API key rejected ("API key not valid") | Key not restricted correctly or wrong key pasted | Confirm the full key was copied without truncation; check restrictions |
| "This page can't load Google Maps" | API key domain restriction blocking localhost | Add http://localhost:PORT/* to the allowed referrers for the key |
You're set up
If every item on this checklist is confirmed:
- Your Google Cloud project is created and billing is protected with an alert
- OAuth is configured — your app can offer "Sign in with Google"
- Supabase knows your credentials and handles the OAuth exchange
- Required APIs are enabled and your API key is properly restricted
- The full login flow works end-to-end
Google Cloud is not something you need to revisit often. These are one-time setup steps. You'll come back only when you deploy to a new domain (to add it to the authorized origins and redirect URIs) or when you add a new Google service to the app.