← Test Tools  ·  Google SSO

idle

Configuration

← change project in the test-tools landing page · values are shared via localStorage.
Add this exact URL to Authorized redirect URIs in Google Cloud Console (OAuth 2.0 Client). The tool sends it as redirect_origin in :start, overriding the project's default callback for this flow — you do not need to touch the Redirect URI field in the admin panel.
Generates code_verifier in this tab and forwards it through :start (challenge) and :callback (verifier). Required by the design ("PKCE always") — leave on unless you're explicitly probing the no-PKCE path.

Flow

  1. 1
    Configuration ready
    API URL, project ID, public key are set.
  2. 2
    POST /oauth/google:start
    Backend signs a state token and returns Google's authorize URL. With PKCE on, this tab sends code_challenge here and keeps the verifier in sessionStorage.
  3. 3
    Google consent
    User signs in with Google; browser is redirected back here with code + state.
  4. 4
    POST /oauth/google:callback
    Backend exchanges code → id_token (with code_verifier if PKCE was used), verifies nonce/audience, resolves player.
  5. 5
    Player session issued
    Returns player_id, session_token, expires_at, is_new.

Network trace

Each request/response will be logged here as the flow runs.