Introduction

This user guide explains about how to grant access, assign roles, and configure the OAuth consent screen to enable secure authentication for creating OAuth credentials for onboarding GCP billing accounts.

Create OAuth Credentials

Perform the following steps to create OAuth credentials:

1. Go to console.cloud.google.com.

2. To begin assigning permissions for OAuth creation, click Grant access.

   

3. To add new users or service accounts for access, click New principals.

   

4. In the New principals box, enter your email address to specify the principal who will receive access.

   

5. To confirm the principal's identity, select the user from the suggested list.

   

6. For assigning permissions, click the Select a role drop-down. You can enter the role name to filter and find the appropriate permissions to assign.

   

7. To grant full access to most of the Google Cloud resources, click to select the Owner role.

   

8. To assign multiple permissions to the principal, click Add another role.

   

9. For selecting an additional role, click the Select a role drop-down list.

   

10. Enter "big" to filter roles and locate the BigQuery Admin role.

11. To grant administrative access to BigQuery resources, choose the BigQuery Admin role.

    

12. To apply the assigned roles and complete the IAM access submission process, click Save

Enable Secure Authentication

Perform the following steps to configure the necessary client settings to enable secure authentication:

1. To begin navigating the GCP console, click the "Search for resources, docs, products, and more" search box.

   

2. To access the area where you manage authentication credentials for your GCP projects, click Credentials.

   

3. To start the process of creating new credentials within the GCP console, click the hamburger menu icon.

   

4. To configure the consent details that users will see during authentication, click OAuth consent screen.

   

5. To view and manage OAuth client IDs associated with your project, click Clients.

   

6. To begin setting up a new OAuth client for your application, click Create client.

   

7. In the Application type drop-down list, click to select the type of OAuth client you want to create.

   

   In this case, select Web application to specify that the OAuth client will be used by a web-based app.

   

8. In the Name box, enter a descriptive identifier for your OAuth client. In this case, enter your client's name as GCP_onboarding to clearly label this credential for billing account onboarding.

   

9. To specify authorized redirect URIs for your OAuth client, click Add URI.

   

10. To input the first authorized redirect URI, click URIs 1 and enter the first redirect URI as "https://onboard" to define where authentication responses are sent.

    

11. Click Add URI and enter the second redirect URI as "https://onboard.corestack" to include the additional authorized endpoints.

    

12. To manage your redirect URIs, click Authorized redirect URIs -- For use with requests from a web server.

    

13. To add more authorized redirect URIs for your OAuth client, click Add URI.

    

14. To specify an additional authorized endpoint, enter the fourth redirect URI as "https://www".

15. Click Add URI and enter the fifth redirect URI as "https://www.corestack" to expand your authorized URI list.

16. To generate the OAuth client with the specified settings and redirect URIs, click Create.

17. To save the OAuth client credentials file needed for authentication integration, click Download JSON.

    

18. Click OK to confirm the creation process and close the dialog box.

    

You have successfully created OAuth credentials for GCP billing account onboarding by configuring client details and authorized redirect URIs. Next, use the downloaded JSON file to integrate authentication into your application securely.