Google OAuth & Data Access
Google OAuth & Data Access
This page documents OAuth redirect configuration, APIs, scopes, and plain-English data use details for production-readiness review.
A. OAuth Redirect URI
AI2Metric uses the NextAuth Google callback route:
https://ai2metric.com/api/auth/callback/google
Local development
http://localhost:3000/api/auth/callback/googleProduction example
https://ai2metric.com/api/auth/callback/googleB. Required Google APIs
- Google Analytics Data API
- Google Analytics Admin API (for GA4 account/property listing)
- BigQuery API (when BigQuery connection is enabled)
C. OAuth Scopes (Minimum First)
Currently configured in this app
openidRequired
emailRequired
profileRequired
https://www.googleapis.com/auth/analytics.readonlyRequired
https://www.googleapis.com/auth/bigquery.readonlyRequired
Optional scopes (only if your implementation requires them)
https://www.googleapis.com/auth/analytics.manage.users.readonlyOptional
https://www.googleapis.com/auth/cloud-platform.read-onlyOptional
Use the minimum scopes required. Broader scopes should remain optional unless your implementation explicitly needs them.
D. Data Access Model
GA4 connections use secure Google OAuth. The signed-in user grants read-only access to GA4 resources they are already authorized to view.
Project and dataset selection uses the signed-in user's Google access to list available BigQuery resources.
Custom BigQuery dataset analysis runs through AI2Metric server-side Google Cloud credentials and only queries datasets explicitly configured for analysis.
- GA4 access is granted only after Google OAuth consent.
- GA4 access is read-only.
- Demo mode requires no sign-in and uses Google's public GA4 BigQuery sample dataset.
- AI2Metric does not modify GA4 or BigQuery data.
AI2Metric does not sell Google user data.
AI2Metric does not use Google user data for advertising.
AI2Metric does not use Google user data to train public AI models.
AI2Metric does not transfer Google user data to third parties except as necessary to provide requested AI analysis workflows.
Users can revoke access at any time from their Google Account permissions page.
E. Demo vs. Connected Data
The public demo does not require Google authentication and uses Google's public GA4 BigQuery sample dataset.
The demo is provided for educational, testing, and product evaluation purposes only. It is not connected to a visitor's private GA4 or BigQuery account and does not display or analyze private user data.
When a user connects GA4, AI2Metric uses Google OAuth with read-only permissions. When a user configures a custom BigQuery dataset, AI2Metric runs server-side queries only against the configured dataset.