Skip to content

Configuring the .well-known file

General configuration instructions for Google client-side encryption is available at this url in paragraph (Option 1) To connect to your IdP using a .well-known file

Using Google as an Identity Provider

To use Google as an Identity Provider, you first need to create a dedicated client ID in the Google Cloud Console. Detailed instructions are available on the page referenced above in the section entitled Create-a-client-id-for-google-identity.

The general idea is to create a project, then in APIs & Services > Credentials, create a client ID for a web application. This Client ID will be used in the well-known file.

Once created the Client ID should look like this

Create Client ID
Figure 1: Create Client ID

The list of URLs for Authorized origins and Authorized redirect are available in the Google documentation above, in paragraph Create a client ID for Google identity.

Generating the well-known file

The format of the well-known file is specified by RFC 8259

  "name": "Google identity for workspace client-side encryption",
  "client_id": "",
  "discovery_uri": "",
  "grant_type": "implicit",
  "applications": {
    "drivefs": {
      "client_id": ""
    "drive-android": {
      "client_id": ""
    "drive-ios": {
      "client_id": ""
    "calendar-android": {
      "client_id": ""
    "calendar-ios": {
      "client_id": ""
    "gmail-android": {
      "client_id": ""
    "gmail-ios": {
      "client_id": ""
    "meet-android": {
      "client_id": ""
    "meet-ios": {
      "client_id": ""

client_id is the OAuth 2.0 client ID of the Google Workspace domain that is created using the Google Cloud Console

© Copyright 2018-2024 Cosmian. All rights reserved.