# Google OAuth Setup Instructions for Bazarkoom.com

## Current Status
**Error**: "فشل في الحصول على رمز الوصول من جوجل" (Failed to get access token from Google)

**Cause**: The website is using test Google OAuth credentials that are not properly configured for the production domain `bazarkoom.com`.

## Quick Solution
Update the Google OAuth credentials in `config/config.php` with your actual credentials from Google Cloud Console.

## Detailed Setup Guide

### For Arabic Speakers
📖 **الدليل الكامل بالعربية**: [GOOGLE_OAUTH_SETUP_GUIDE_AR.md](GOOGLE_OAUTH_SETUP_GUIDE_AR.md)

### Step-by-Step Instructions (English)

#### 1. Access Google Cloud Console
- Go to [Google Cloud Console](https://console.cloud.google.com/)
- Sign in with your Google account
- Create a new project or select existing one

#### 2. Enable Required APIs
- Navigate to **APIs & Services** → **Library**
- Search for and enable:
  - **Google+ API** (Required for OAuth)
  - **People API** (Optional, for user profile data)

#### 3. Configure OAuth Consent Screen
- Go to **APIs & Services** → **OAuth consent screen**
- Select **External** user type
- Fill in required information:
  - **App name**: `Bazarkoom`
  - **User support email**: Your email
  - **Developer contact information**: Your email
- Add scopes: `email`, `profile`, `openid`
- Add test users (your email) if app is in testing mode
- **Publish the app** if ready for production

#### 4. Create OAuth 2.0 Credentials
- Go to **APIs & Services** → **Credentials**
- Click **Create Credentials** → **OAuth 2.0 Client IDs**
- Select **Web application**
- Configure:
  - **Name**: `Bazarkoom Web Client`
  - **Authorized JavaScript origins**: `https://bazarkoom.com`
  - **Authorized redirect URIs**: Add these URLs:
    ```
    https://bazarkoom.com/google_callback.php
    https://bazarkoom.com/login.php
    https://bazarkoom.com/oauth2callback
    ```
- Click **Create**

#### 5. Get Your Credentials
After creation, you'll get:
- **Client ID**: (e.g., `1234567890-abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com`)
- **Client Secret**: (e.g., `GOCSPX-abcdefghijklmnopqrstuvwxyz`)

#### 6. Update Configuration File
Edit `config/config.php` and update these values:

```php
// Google OAuth
define('GOOGLE_CLIENT_ID', 'YOUR_ACTUAL_CLIENT_ID_HERE');
define('GOOGLE_CLIENT_SECRET', 'YOUR_ACTUAL_CLIENT_SECRET_HERE');
define('GOOGLE_REDIRECT_URI', 'https://bazarkoom.com/google_callback.php');
```

#### 7. Test the Setup
1. Go to [https://bazarkoom.com/login.php](https://bazarkoom.com/login.php)
2. Click the **Google** button
3. You should see Google's login/consent screen
4. After granting permission, you should be logged in

## Current Test Credentials (Not Working)
```
Client ID: 803175581397-qgid9379uh4de6qc27ga9eh4ouffrn4e.apps.googleusercontent.com
Client Secret: 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
Redirect URI: https://bazarkoom.com/google_callback.php
```

**Note**: These are test credentials and won't work with `bazarkoom.com` domain.

## Troubleshooting

### Common Issues & Solutions

#### 1. "redirect_uri_mismatch" Error
- **Solution**: Make sure `https://bazarkoom.com/google_callback.php` is added to **Authorized redirect URIs**
- **Check**: No trailing slashes, correct protocol (https)

#### 2. "Client ID not found" Error
- **Solution**: Verify the Client ID is correct and the API is enabled
- **Check**: Go to Google Cloud Console → APIs & Services → Dashboard

#### 3. OAuth Consent Screen Not Verified
- **Solution**: Add test users or publish the app
- **Check**: OAuth consent screen → Test users

#### 4. HTTPS Required
- **Important**: Google OAuth requires HTTPS
- **Verify**: Your site must be accessible via `https://bazarkoom.com`

#### 5. Domain Verification
- **If needed**: Verify domain ownership in Google Search Console
- **For production**: Complete OAuth verification process

## Debugging Tools

### 1. Check Current Configuration
Visit: `https://bazarkoom.com/login.php`
- The page now shows warnings if test credentials are detected
- Google button shows a warning badge for test credentials

### 2. Debug Files
When Google OAuth fails, debug files are created:
- `google_oauth_debug_*.txt` - Contains detailed error information
- Check these files for specific error messages

### 3. Browser Developer Tools
- Press F12 → Console tab
- Look for JavaScript errors
- Network tab shows API requests/responses

## Security Notes

### Do NOT:
- Share your Client Secret publicly
- Commit real credentials to version control
- Use the same credentials for development and production

### Do:
- Use environment variables for production
- Regularly rotate Client Secrets
- Monitor API usage in Google Cloud Console
- Set up billing alerts if using paid APIs

## Fallback Options

If Google OAuth setup is too complex:

### Option A: Disable Google Login Temporarily
Edit `config/config.php`:
```php
define('ENABLE_SOCIAL_LOGIN', false);
```

### Option B: Use Email/Password Only
Users can still register and login with email/password while you fix Google OAuth.

### Option C: Implement Later
Remove Google button from login page until credentials are ready.

## Support Resources

- [Google OAuth 2.0 Documentation](https://developers.google.com/identity/protocols/oauth2)
- [Google Cloud Console Help](https://cloud.google.com/docs)
- [OAuth Troubleshooting Guide](https://developers.google.com/identity/protocols/oauth2/troubleshooting)

## Next Steps After Setup

1. **Test thoroughly** with multiple Google accounts
2. **Monitor logs** for any issues
3. **Update documentation** with your actual credentials (securely)
4. **Consider implementing** Facebook/other social logins
5. **Set up analytics** to track login methods

---

**Last Updated**: 2026-02-21  
**Status**: ❌ **Action Required** - Need real Google OAuth credentials  
**Priority**: High - Users cannot login with Google currently