Provider Google
Kolin edited this page Jun 13, 2026
- Google OIDC uses the `sub` claim as the username by default. The `sub` value is a numeric string (e.g., `109876543210987654321`), not a human-readable name.
- Google does not support role claims, so RBAC is not available.
- Google uses different endpoint authorities, which requires disabling endpoint validation.
- Go to Google Cloud Console → APIs & Services → Credentials.
- Click Create Credentials → OAuth 2.0 Client ID.
- Set Application type to Web application.
- Add the following to Authorized redirect URIs: `https://<your-jellyfin-domain>/sso/OID/redirect/google`
- Copy the Client ID and Client Secret.
| Field | Value |
|---|---|
| Provider Name | google |
| OpenID Endpoint | https://accounts.google.com |
| Client ID | from Google Cloud Console |
| Client Secret | from Google Cloud Console |
| Do Not Validate OpenID Endpoints | Enabled (required) |
| Enable Authorization by Plugin | Disabled (no role support) |
| Enable All Folders | Enabled (recommended) |
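
The following is an added example, not part of the plugin or of this wiki. It shows what "different endpoint authorities" looks like in Google's discovery document and checks the endpoints against an explicit host allow-list, which an operator can run as a manual check while endpoint validation is disabled. The embedded JSON is an abridged copy of Google's published discovery metadata; `ALLOWED_HOSTS` and the function names are assumptions made for this example.

```python
import json
from urllib.parse import urlsplit

# Abridged copy of Google's discovery document, embedded so the check runs offline.
# In practice, fetch <OpenID Endpoint>/.well-known/openid-configuration instead.
GOOGLE_DISCOVERY = json.loads("""{
  "issuer": "https://accounts.google.com",
  "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
  "token_endpoint": "https://oauth2.googleapis.com/token",
  "userinfo_endpoint": "https://openidconnect.googleapis.com/v1/userinfo",
  "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs"
}""")

# Assumption: hosts the operator is willing to trust for this provider.
ALLOWED_HOSTS = {"accounts.google.com", "oauth2.googleapis.com",
                 "openidconnect.googleapis.com", "www.googleapis.com"}
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri")


def authority(url):
    """Return (scheme, host, port) with the default HTTPS port filled in."""
    parts = urlsplit(url)
    return parts.scheme, (parts.hostname or "").lower(), parts.port or 443


def audit_discovery(doc, allowed_hosts):
    """Classify each endpoint: same authority as issuer, allow-listed, or rejected."""
    issuer = authority(doc["issuer"])
    report = {"same_authority": [], "allowed_other": [], "rejected": []}
    for key in ENDPOINT_KEYS:
        if key not in doc:
            continue
        scheme, host, port = authority(doc[key])
        if (scheme, host, port) == issuer:
            report["same_authority"].append(key)
        elif scheme == "https" and port == 443 and host in allowed_hosts:
            report["allowed_other"].append(key)
        else:
            report["rejected"].append(key)  # unexpected host, port or non-HTTPS
    return report


if __name__ == "__main__":
    for bucket, keys in audit_discovery(GOOGLE_DISCOVERY, ALLOWED_HOSTS).items():
        print(f"{bucket}: {', '.join(keys) or '-'}")
```

Only the authorization endpoint shares the issuer's authority; the token, userinfo and JWKS endpoints sit on other Google hosts. Anything landing in `rejected` means the discovery document points somewhere outside the allow-list and should be investigated before the provider is enabled.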
Since Google usernames are numeric, users will have an unreadable Jellyfin display name. To work around this, you can:
- Set Default Username Claim to `email` to use the Google email address as the Jellyfin username.
- Note that email addresses contain special characters; test that Jellyfin accepts them as usernames.