Hi everyone,
I’m trying to wrap my head around how people usually deal with Google authentication in n8n when they want to connect something like Google Forms or Sheets. From what I see, the “proper” way is to set up an OAuth2 app in Google Cloud, then in n8n create OAuth2 credentials, and when the workflow runs, the user has to log in with their Google account and grant access. After that, n8n stores the token and refreshes it automatically. Is that basically what most of you are doing? Like, if you’re building something for clients, do you usually make them log in to Google through your n8n instance, so the workflow works with their account? Or do people usually just connect their own Google account once and call it a day?
Describe the problem/error/question
What is the error message (if any)?
Please share your workflow
(Select the nodes on your canvas and use the keyboard shortcuts CMD+C/CTRL+C and CMD+V/CTRL+V to copy and paste the workflow.)
@riversong87871 welcome to the community. The question you asked is a really common question, especially when you’re working with clients and want to keep things professional and secure.
The standard approach is exactly what you described, set up an OAuth2 app in Google Cloud, create OAuth2 credentials in n8n, and have the user or client log in to their Google account to grant access. n8n then stores and refreshes the tokens automatically, so workflows run smoothly.
When building for clients, best practice is to have them log in with their own Google account through your n8n instance, rather than using your personal credentials. This avoids a lot of headaches down the road, especially during handover or if you need to transfer ownership. Asking clients to provide their API credentials from the start is actually a big time saver, and it helps with compliance and transparency.
For smaller clients, you might handle hosting and setup for them, but you should still use their credentials for any Google integrations. Larger clients often have their own infrastructure and will want everything set up on their side.
Security is a big factor, using your own credentials for multiple clients risks data leakage and complicates offboarding. If you ever need to hand over the workflow or the n8n instance, it’s much cleaner if all external integrations is the client’s own accounts.
I have ran into issues in the past by using my own keys for testing, and it became a mess during the handover phase. Now, as a rule, I always insist that clients provide their own credentials, even in development.