Configure an Auth0 Custom Social Connection (Generic OAuth2) with these values.

| Field | Value |
|---|---|
| Authorization URL | https://accounts.google.com.connectors.demo.a0.gg/authorize |
| Token URL | https://accounts.google.com.connectors.demo.a0.gg/token |
| Userinfo (fetchUserProfile) | https://accounts.google.com.connectors.demo.a0.gg/userinfo |
| Client ID | anything (e.g. the tenant name) |
| Client Secret | generate at /tools/secret |

Paste the scopes you need (space-separated) into Auth0's native Scope field. The gateway drops any scope that is not marked allowed in the table below.

| Scope | Grants | Tier | Status |
|---|---|---|---|
| identity | | | |
| openid | OIDC subject identifier | non-sensitive | allowed |
| | Email address + verified flag | non-sensitive | allowed |
| profile | Name, picture, locale | non-sensitive | allowed |
| calendar | | | |
| https://www.googleapis.com/auth/calendar.events.owned | See, create, change and delete events on calendars you own | sensitive | allowed |
| sheets | | | |
| https://www.googleapis.com/auth/spreadsheets | See, edit, create and delete all your Google Sheets spreadsheets | sensitive | allowed |
| restricted_examples | | | |
| https://mail.google.com/ | Full Gmail access (blocked — restricted) | restricted | blocked |
| https://www.googleapis.com/auth/drive | Full Drive access (blocked — restricted) | restricted | blocked |
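
To check a scope string before pasting it into the Scope field, the sketch below models the documented drop behaviour against the table above. It is an added example, not the gateway's code: `filterScopes` is a hypothetical helper, exact case-sensitive matching is an assumption, and the identity row whose scope name is missing from the table is left out.

```javascript
// Added example: models "the gateway drops anything not allowed" using the
// scope table on this page. Not the gateway's implementation.

// A Map (not a plain object) so inputs like "__proto__" or "constructor"
// can never match an inherited property.
const SCOPE_TABLE = new Map([
  ['openid', { tier: 'non-sensitive', status: 'allowed' }],
  ['profile', { tier: 'non-sensitive', status: 'allowed' }],
  ['https://www.googleapis.com/auth/calendar.events.owned', { tier: 'sensitive', status: 'allowed' }],
  ['https://www.googleapis.com/auth/spreadsheets', { tier: 'sensitive', status: 'allowed' }],
  ['https://mail.google.com/', { tier: 'restricted', status: 'blocked' }],
  ['https://www.googleapis.com/auth/drive', { tier: 'restricted', status: 'blocked' }],
]);

// Hypothetical helper: returns the scope string that would be forwarded and
// a list of dropped scopes with the reason for each.
function filterScopes(scopeString) {
  const kept = [];
  const dropped = [];
  const seen = new Set();
  for (const scope of scopeString.split(/\s+/).filter(Boolean)) {
    if (seen.has(scope)) continue; // ignore duplicates
    seen.add(scope);
    // Assumption: exact, case-sensitive comparison (scope tokens are
    // case-sensitive in RFC 6749 section 3.3). No prefix matching, so
    // ".../auth/drive.file" is a different scope from ".../auth/drive".
    const entry = SCOPE_TABLE.get(scope);
    if (entry && entry.status === 'allowed') {
      kept.push(scope);
    } else {
      const reason = entry ? `${entry.tier}, ${entry.status}` : 'not listed';
      dropped.push({ scope, reason });
    }
  }
  return { scope: kept.join(' '), dropped };
}

// Constructed sample input: two allowed scopes, one blocked, one unlisted
// near-miss, one wrong-case variant, and a duplicate.
const SAMPLE = [
  'openid', 'https://www.googleapis.com/auth/spreadsheets',
  'https://www.googleapis.com/auth/drive',
  'https://www.googleapis.com/auth/drive.file',
  'OpenID', 'openid',
].join(' ');

const result = filterScopes(SAMPLE);
console.log('forwarded:', result.scope);
for (const d of result.dropped) console.log('dropped:', d.scope, `(${d.reason})`);
```

A non-empty `dropped` list means the connection will receive fewer grants than the string you pasted asks for, so compare it against what the application actually needs.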