Google Login, explained.

How "Sign in with Google" works with Better-Auth. Four steps, three lines of code.

The flow

What happens when a user clicks "Mit Google anmelden"

1. User clicks the Google button
On your sign-in page. Your SPA calls signIn.social({ provider: "google" })
2. Browser redirects to Google
Google shows their OAuth consent screen. User picks their Google account and clicks "Allow".
3. Google redirects back to your auth-server
Hits /api/auth/callback/google. Better-Auth verifies the token with Google, gets the user's name + email.
4. Better-Auth creates user + session
Inserts into user + account (provider: google) + session. Sets the session cookie.
5. User lands back on your site, logged in
Redirected to /. Header shows their Google name. No password needed.
Your sign-in page

What the user sees

sitzio.de/sign-in
Google's screen

What Google shows

accounts.google.com
Sign in to Sitzio
Sitzio wants to access your:
Name, email address, profile picture
Allow
Automatic

What Better-Auth handles for you

👤
New user
First Google login → creates user + account (google) + session
🔗
Same email exists
Already signed up with email+password? Google account links to existing user automatically.
🔄
Returning user
Already has Google account linked → just creates new session. Instant login.
Implementation

Three lines of code

auth-server/src/auth.ts Server 
// Add to betterAuth({ ... }):

socialProviders: {
  google: {
    clientId: process.env.GOOGLE_CLIENT_ID,
    clientSecret: process.env.GOOGLE_CLIENT_SECRET,
  },
},
src/pages/SignInPage.tsx Client 
// The Google button calls:

authClient.signIn.social({
  provider: "google",
  callbackURL: "/",
})
That's it. Better-Auth handles the OAuth flow, token exchange, user creation, account linking, and session management. You write the config + one button click handler.
Setup

Four steps to enable it

Step 1 — Google Cloud
Create OAuth credentials
Google Cloud Console → APIs & Services → Credentials → Create OAuth 2.0 Client ID. Copy Client ID + Client Secret.
Step 2 — Redirect URI
Add callback URL
In Google's OAuth settings, add:
http://localhost:3001/api/auth/callback/google (dev)
https://sitzio.de/api/auth/callback/google (prod)
Step 3 — Backend
Add to auth.ts
Add socialProviders.google with the client ID and secret. Set them as env vars, not hardcoded.
Step 4 — Frontend
Add the button
Add "Mit Google anmelden" button on the sign-in page. One click handler: signIn.social({ provider: "google" })
At 50 sites

How it scales

One Google Cloud project works for all sites. Add each site's callback URL to the same OAuth credential. Each site's auth-server uses the same client ID + secret. Or create one credential per site if you want full isolation. Google doesn't charge for OAuth — it's free at any scale.