Enable BigQuery OAuth connections

This document will walk you through the process of setting up OAuth connections in your CARTO Self-hosted installation, enabling secure and seamless authentication when creating your BigQuery connections from the CARTO platform.


The first thing that has to be configured is an OAuth consent screen to allow the creation of OAuth connections. You'll have to navigate to APIs & Services > OAuth consent screen and enable this by filling up the application name, a support email for your consent screen, the authorized domain for your application and an email for developer contact. The authorized domain you choose should be the one used in the emails that will to use that feature..

The following are required to be able to create a BigQuery OAuth connection from CARTO platform.

  • https://www.googleapis.com/auth/userinfo.email

  • https://www.googleapis.com/auth/userinfo.profile

  • https://www.googleapis.com/auth/bigquery

2. Create an OAuth credentials

Navigate to APIs & Services > Credentials > Create credentials to access the OAuth credentials creation form. The following details will be required to create the OAuth client ID:

  • Application type: Web application.

  • Authorized JavaScript origins: https://<your_selfhosted_domain>.

  • Authorized redirect URIs: https://<your_selfhosted_domain>/connections/bigquery/oauth.

Once the create button is clicked, you should be able to download the credentials generated for your application. These credentials will contain the required client_id and client_secret to enable OAuth connections in the CARTO installation.


Update the config of your CARTO Self-Hosted deployment from the Admin Console. You'll have to provide your OAuth client ID and client secret:

Once you've configured your CARTO Self-Hosted platform to use the OAuth credentials created in GCP, the Sign in with Google button should be available creating a BigQuery connection from the Workspace

Last updated