# Enable BigQuery OAuth connections (Helm)

{% hint style="info" %}
This documentation only applies to **advanced Orchestrated container deployments** using **Kubernetes** and **Helm**.
{% endhint %}

This document will walk you through the process of setting up OAuth connections in your CARTO Self-hosted installation, enabling secure and seamless authentication when creating your BigQuery connections from the CARTO platform.

## **Pre-requisites**

### 1. Create an OAuth Consent Screen inside your Google Cloud Platform project

The first thing to configure is an OAuth consent screen, which is required before OAuth connections can be created. Navigate to **APIs & Services > OAuth consent screen** and enable it by filling in the application name, a support email for your consent screen, the authorized domain for your application and an email for developer contact. The authorized domain you choose should be the one used in the emails that will use this feature.

<figure><img src="https://3029946802-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FybPdpmLltPkzGFvz7m8A%2Fuploads%2Fgit-blob-efb349569930e5586ad7496e83e3b3ee6651b7fa%2FScreenshot%202023-10-30%20at%2017.42.49.png?alt=media" alt=""><figcaption></figcaption></figure>

The following scopes are required to create a BigQuery OAuth connection from the CARTO platform:

* `https://www.googleapis.com/auth/userinfo.email`
* `https://www.googleapis.com/auth/userinfo.profile`
* `https://www.googleapis.com/auth/bigquery`

### 2. Create OAuth credentials

Navigate to **APIs & Services > Credentials > Create credentials** to access the OAuth credentials creation form. The following details will be required to create the OAuth client ID:

<figure><img src="https://3029946802-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FybPdpmLltPkzGFvz7m8A%2Fuploads%2Fgit-blob-d47f85c36f78989774ab138809609607497f233c%2FScreenshot%202023-10-30%20at%2017.54.05.png?alt=media" alt=""><figcaption></figcaption></figure>

* Application type: Web application.
* Authorized JavaScript origins: `https://<your_selfhosted_domain>`.
* Authorized redirect URIs: `https://<your_selfhosted_domain>/connections/bigquery/oauth`.

Once the create button is clicked, you should be able to download the credentials generated for your application. These credentials will contain the required `client_id` and `client_secret` to enable OAuth connections in the CARTO installation.

## **Setup**

Add the following lines to your `customizations.yaml` using the values you obtained from the credentials file:

```
appConfigValues:
  bigqueryOauth2ClientId: "<value_from_credentials_web_client_id>"

appSecrets:
  bigqueryOauth2ClientSecret:
    value: "<value_from_credentials_web_client_secret>"
```
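
A pre-flight check for the downloaded credentials file, added here as an example and not part of CARTO's documentation or tooling: it confirms the client is a Web application whose registered origin and redirect URI match the values from step 2, then renders the `customizations.yaml` fragment above. It assumes the file keeps its values under a top-level `web` object with `client_id`, `client_secret`, `javascript_origins` and `redirect_uris`; the function names, the sample file and the domain `carto.example.com` are constructed for illustration.

```python
import json

REDIRECT_PATH = "/connections/bigquery/oauth"  # redirect path from this guide

# Constructed sample of a downloaded client file; every value is a placeholder.
SAMPLE = json.dumps({"web": {
    "client_id": "000000000000-example.apps.googleusercontent.com",
    "client_secret": "EXAMPLE-not-a-real-secret",
    "javascript_origins": ["https://carto.example.com"],
    "redirect_uris": ["https://carto.example.com/connections/bigquery/oauth"],
}})


def check_credentials(raw_json, selfhosted_domain):
    """Return (values, problems) for a downloaded OAuth client file."""
    web = json.loads(raw_json).get("web")
    if web is None:
        # Assumed layout: only Web application clients use the "web" key.
        return None, ["no 'web' section: client is not a Web application"]
    problems = []
    origin = f"https://{selfhosted_domain}"
    origins = web.get("javascript_origins", [])
    redirects = web.get("redirect_uris", [])
    if origin not in origins:
        problems.append(f"missing authorized JavaScript origin {origin}")
    if origin + REDIRECT_PATH not in redirects:
        problems.append(f"missing authorized redirect URI {origin + REDIRECT_PATH}")
    # Flag anything registered beyond the two entries this guide asks for.
    extra = [u for u in origins + redirects if u not in (origin, origin + REDIRECT_PATH)]
    problems += [f"unexpected registered URI {u}" for u in extra]
    values = {k: web.get(k) for k in ("client_id", "client_secret")}
    problems += [f"'{k}' is empty or missing" for k, v in values.items() if not v]
    return values, problems


def render_customizations(values):
    """Render the customizations.yaml fragment from the Setup section."""
    return (
        "appConfigValues:\n"
        f"  bigqueryOauth2ClientId: {json.dumps(values['client_id'])}\n\n"
        "appSecrets:\n"
        "  bigqueryOauth2ClientSecret:\n"
        f"    value: {json.dumps(values['client_secret'])}\n"
    )


if __name__ == "__main__":
    values, problems = check_credentials(SAMPLE, "carto.example.com")
    print("\n".join(problems) if problems else render_customizations(values))
```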

Once you've configured your CARTO Self-Hosted platform to use the OAuth credentials created in GCP, the Sign in with Google button should be available when [creating a BigQuery connection](https://docs.carto.com/carto-user-manual/connections/creating-a-connection#connection-to-bigquery) from the Workspace.

<figure><img src="https://3029946802-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FybPdpmLltPkzGFvz7m8A%2Fuploads%2Fgit-blob-8e32604951512b3ea3afbec176670139ee889674%2Fspaces_ybPdpmLltPkzGFvz7m8A_uploads_git-blob-1724f873b0488641af619fd55d08e86cdee3258b_the_connections_bigquery_overview.webp?alt=media" alt=""><figcaption></figcaption></figure>
