If you've set up Google OAuth with Supabase, you've probably noticed something annoying: when users click "Sign in with Google," they see a consent screen that says:
"Continue to jlbhzsgfliueshfsdb.supabase.co"
That random string is your Supabase project reference. It looks unprofessional and can make users hesitant to sign in. You might think you need Supabase's Custom Domains add-on ($10/month) to fix this—but you don't.
The solution is properly configuring your Google OAuth application. This guide walks you through the process step by step.
What You'll Achieve
After following this guide, your Google OAuth consent screen will display:
"Continue to Your Project Name"
Instead of the random Supabase subdomain. No custom domain required, no additional monthly costs.
Prerequisites
Before starting, make sure you have:
- A Supabase project with Google OAuth enabled
- A domain you own (for verification purposes)
- A privacy policy page on your website
- A terms of service page on your website
- A logo image (square, at least 120x120 pixels)
Step 1: Verify Your Domain with Google Search Console
Google needs to verify you own the domain associated with your application. The easiest way is through Google Search Console.
- Go to Google Search Console
- Click Add Property
- Choose URL prefix and enter your website URL (e.g., https://yourapp.com)
- Follow the verification steps—the easiest method is usually:
- Download the HTML verification file
- Upload it to your website's root directory
- Click Verify
Once verified, Google associates your domain with your Google account. This is crucial for the OAuth consent screen configuration.
Step 2: Create a Google Cloud Project
If you haven't already, create a dedicated GCP project for your application:
- Go to the Google Cloud Console
- Click the project dropdown at the top
- Click New Project
- Enter a project name that matches your application (e.g., "My Awesome App")
- This name appears on the consent screen, so choose wisely
- Click Create
Wait for the project to be created, then select it from the project dropdown.
Step 3: Configure the OAuth Consent Screen
This is where the magic happens. The consent screen configuration determines what users see when authenticating.
- In your GCP project, go to APIs & Services → OAuth consent screen
- Select External as the user type (unless the app is only for users inside your own G Suite organization)
- Click Create
Fill Out the App Information
On the next screen, configure these fields carefully:
App name: Enter your application's name exactly as you want it displayed. This replaces the random Supabase subdomain.
User support email: Select an email address for users to contact with questions.
App logo: Upload your logo (square, 120x120px minimum). This appears on the consent screen.
Configure App Domain
This section is critical for verification:
Application home page: Your website's homepage (e.g., https://yourapp.com)
Application privacy policy link: Your privacy policy page (e.g., https://yourapp.com/privacy-policy)
Application terms of service link: Your terms page (e.g., https://yourapp.com/terms-of-service)
Authorized Domains
Add your domain to the authorized domains list:
- Click Add Domain
- Enter your domain without the protocol (e.g., yourapp.com)
- This domain must be verified in Google Search Console (Step 1)
Developer contact information: Add email addresses for Google to contact you about your application.
Click Save and Continue.
Step 4: Configure Scopes
Scopes define what data your application can access. For basic authentication:
- Click Add or Remove Scopes
- Select these non-sensitive scopes:
- ../auth/userinfo.email - See your primary email address
- ../auth/userinfo.profile - See your personal info
- openid - Associate you with your personal info
- Click Update
- Click Save and Continue
Avoid adding sensitive scopes unless absolutely necessary—they require additional verification.
Step 5: Add Test Users (Optional)
While your app is in "Testing" mode, only users you explicitly add can authenticate:
- Click Add Users
- Enter email addresses of test users
- Click Save and Continue
You can skip this if you're ready to publish immediately.
Step 6: Create OAuth Credentials
Now create the actual OAuth client that Supabase will use:
- Go to APIs & Services → Credentials
- Click Create Credentials → OAuth client ID
- Select Web application as the application type
- Enter a name (e.g., "Supabase Auth")
Configure Authorized Redirect URIs
Add your Supabase callback URL:
https://YOUR-PROJECT-REF.supabase.co/auth/v1/callback
Replace YOUR-PROJECT-REF with your actual Supabase project reference.
Click Create.
Copy the Client ID and Client Secret—you'll need these for Supabase.
Step 7: Update Supabase Configuration
- Go to your Supabase project dashboard
- Navigate to Authentication → Providers
- Find Google and click to expand
- Enable the provider
- Paste your Client ID and Client Secret
- Save the configuration
Step 8: Publish Your OAuth Application
Here's the step many people miss. While your app is in "Testing" mode, only designated test users can sign in, and your branding may not appear correctly.
To publish:
- Go back to APIs & Services → OAuth consent screen
- Under "Publishing status," click Publish App
- Confirm the action
Important: For apps requesting only non-sensitive scopes (email, profile, openid), publishing is usually instant. Google may show a warning about verification, but for basic authentication scopes, your app will work without additional review.
Step 9: Test Your Configuration
Open an incognito browser window and test the sign-in flow:
- Go to your application's login page
- Click "Sign in with Google"
- Verify the consent screen shows:
- Your app name (not the Supabase subdomain)
- Your logo
- Your domain in the permission request
If everything looks correct, you're done!
Troubleshooting Common Issues
Still Seeing the Supabase Subdomain
- Ensure your app is published, not in testing mode
- Verify your domain is correctly added to authorized domains
- Check that the domain in authorized domains matches your verified Search Console property
"Unverified App" Warning
For non-sensitive scopes, users can still proceed by clicking "Advanced" → "Go to [App Name] (unsafe)". This warning typically disappears after:
- Your app has been published for a while
- You've completed Google's optional verification process
Logo Not Appearing
- Ensure the image is square (1:1 aspect ratio)
- Minimum size is 120x120 pixels
- The image must be publicly accessible
- Allow up to 24 hours for changes to propagate
Redirect URI Mismatch
Double-check that the redirect URI in GCP exactly matches your Supabase callback URL, including:
- The protocol (https://)
- The exact project reference
- The path (/auth/v1/callback)
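A check for the redirect URI rule above and the Step 4 scope list, as an added example (not Supabase's or Google's code): it audits the authorization request URL sent to accounts.google.com and reports which component of redirect_uri is off and any scope outside the basic sign-in set. The project reference, client ID and both sample URLs are constructed, and the function names are hypothetical.

```javascript
// Added example, not Supabase's or Google's code. REF and both URLs are constructed.
const BASIC_SCOPES = new Set([
  "openid", "email", "profile", // "email"/"profile" are the short aliases
  "https://www.googleapis.com/auth/userinfo.email",
  "https://www.googleapis.com/auth/userinfo.profile",
]);

// Compare a redirect URI with the Supabase callback, component by component.
function checkRedirectUri(redirectUri, projectRef) {
  const expected = `https://${projectRef}.supabase.co/auth/v1/callback`;
  if (redirectUri === expected) return [];
  let u;
  try { u = new URL(redirectUri); } catch { return [`redirect_uri is not a URL: "${redirectUri}"`]; }
  const findings = [];
  if (u.protocol !== "https:") findings.push(`protocol is ${u.protocol}// (expected https://)`);
  if (u.hostname !== `${projectRef}.supabase.co`) findings.push(`host ${u.hostname} does not match project reference`);
  if (u.pathname !== "/auth/v1/callback") findings.push(`path is ${u.pathname} (expected /auth/v1/callback)`);
  if (u.search || u.hash) findings.push("query string or fragment appended");
  // URL parsing normalises case and default ports, so catch those by string compare.
  if (findings.length === 0) findings.push(`not byte-for-byte equal to ${expected}`);
  return findings;
}

// Audit the authorization request sent to Google: redirect_uri plus requested scopes.
function auditGoogleAuthUrl(authUrl, projectRef) {
  const params = new URL(authUrl).searchParams;
  const findings = checkRedirectUri(params.get("redirect_uri") ?? "", projectRef);
  const scopes = (params.get("scope") ?? "").split(/\s+/).filter(Boolean);
  for (const s of scopes) {
    if (!BASIC_SCOPES.has(s)) findings.push(`scope outside the basic sign-in set: ${s}`);
  }
  return findings;
}

const REF = "abcdefghijklmnopqrst"; // constructed project reference
const base = "https://accounts.google.com/o/oauth2/v2/auth?response_type=code" +
  "&client_id=EXAMPLE-CLIENT-ID.apps.googleusercontent.com";
const sampleOk = base + "&scope=email%20profile&redirect_uri=" +
  encodeURIComponent(`https://${REF}.supabase.co/auth/v1/callback`);
const sampleBad = base +
  "&scope=" + encodeURIComponent("email https://www.googleapis.com/auth/drive.readonly") +
  "&redirect_uri=" + encodeURIComponent(`http://${REF}.supabase.co/auth/v1/callback/`);

console.log(auditGoogleAuthUrl(sampleOk, REF));
console.log(auditGoogleAuthUrl(sampleBad, REF));
```

The authorization URL can be copied from the browser's developer-tools network tab during the Step 9 test; an empty result means the redirect URI matches exactly and only basic scopes are requested.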
Why This Works
The Google OAuth consent screen displays information from your GCP OAuth configuration, not from Supabase. When properly configured:
- Google shows your app name from the OAuth consent screen settings
- The authorized domain verification proves you own the domain
- Publishing the app makes these settings visible to all users
Supabase's custom domains feature is useful for other purposes (like having auth.yourapp.com instead of project-ref.supabase.co), but it's not required for OAuth branding.
The Self-Hosting Alternative
If you're running multiple Supabase projects or want complete control over your authentication setup, self-hosting Supabase is worth considering.
With Supascale, you can deploy self-hosted Supabase instances on your own infrastructure. OAuth providers like Google, GitHub, and Discord can be configured through a simple UI—no environment variables or container restarts needed.
Self-hosting gives you:
- Custom domains by default: Your Supabase instance runs on your own domain
- No per-project fees: One-time purchase, unlimited projects
- Full control: Configure OAuth providers exactly how you want
- Data ownership: Everything stays on your servers
If you're paying for multiple Supabase projects or hitting limits on the free tier, check out our pricing to see if self-hosting makes sense for your use case.
Summary
You don't need Supabase custom domains ($10/month) to fix Google OAuth branding. The solution is proper GCP OAuth configuration:
- Verify your domain in Google Search Console
- Create a GCP project with your desired app name
- Configure the OAuth consent screen with your logo, privacy policy, and terms
- Add your domain to authorized domains
- Create OAuth credentials and add them to Supabase
- Publish your app to make branding visible to all users
The entire process takes about 15-20 minutes and costs nothing extra.