# BigQuery OAuth

Paradime supports OAuth authentication with BigQuery. When BigQuery OAuth is enabled, users can authorize their Development credentials using Single Sign On (SSO) via BigQuery.

If BigQuery is setup with SSO through a third-party identity provider, developers can use this method to login to BigQuery and authorize the dbt™️ Development credentials without any additional setup.

{% content-ref url="../development-environment/bigquery" %}
[bigquery](https://docs.paradime.io/app-help/documentation/settings/connections/development-environment/bigquery)
{% endcontent-ref %}

## **Creating a BigQuery OAuth 2.0 client ID and secret**

To enable OAuth, you will need to create a Client ID and Secret to [authenticate](https://cloud.google.com/bigquery/docs/authentication) with GCP and manage the OAuth connection between Paradime and BigQuery.

In the Big Query Console, navigate to **APIs & Services** and select **Credentials**. If you haven't already, you will need to set up an [OAuth consent screen](https://support.google.com/cloud/answer/6158849) then click on `+ Create Credentials` in the top navigation bar and select from the menu **OAuth client ID**.  

{% @arcade/embed flowId="yXcTWHFlFMpwCSG4K4YK" url="<https://app.arcade.software/share/yXcTWHFlFMpwCSG4K4YK>" %}

## Required Configurations

Use the below configurations to set up the BigQuery OAuth app and click on the `Create` button. You will generate the Client ID and Secret, that will be required to connect Paradime to your BigQuery account.

<table><thead><tr><th width="249">Config</th><th>Value</th></tr></thead><tbody><tr><td>APPLICATION TYPE</td><td>Web application</td></tr><tr><td>NAME</td><td>paradime</td></tr><tr><td>AUTHORIZED JAVASCRIPT ORIGINS</td><td>Required. Use the correct domain, you can check your selected region during onboarding in the Workspace Management section of your Account Settings.<br><br>🇪🇺 <strong>eu-west-2 (Europe - London)</strong><br><code>https://api.paradime.io</code><br>🇪🇺 <strong>eu-west-1 (Europe - Ireland)</strong><br><code>https://eu-w1-api.paradime.io</code><br>🇪🇺 <strong>eu-central-1 (Europe - Frankfurt)</strong><br><code>https://eu-c1-api.paradime.io</code><br>🇺🇸 <strong>us-east-1 (US East - N. Virginia)</strong><br><code>https://api.us.paradime.io</code></td></tr><tr><td>AUTHORIZED REDIRECT URIs</td><td>Required. Use the correct domain, you can check your selected region during onboarding in the Workspace Management section of your Account Settings.<br><br>🇪🇺 <strong>eu-west-2 (Europe - London)</strong><br><code>https://api.paradime.io/control-plane/bigquery/redirect</code><br>🇪🇺 <strong>eu-west-1 (Europe - Ireland)</strong><br><code>https://eu-w1-api.paradime.io/control-plane/bigquery/redirect</code><br>🇪🇺 <strong>eu-central-1 (Europe - Frankfurt)</strong><br><code>https://eu-c1-api.paradime.io/control-plane/bigquery/redirect</code><br>🇺🇸 <strong>us-east-1 (US East - N. Virginia)</strong><br><code>https://api.us.paradime.io/control-plane/bigquery/redirect</code></td></tr></tbody></table>

## OAuth 2.0 Scopes for Google APIs <a href="#oauth-20-scopes-for-google-apis" id="oauth-20-scopes-for-google-apis"></a>

Paradime BigQuery OAuth app will request the below scopes:

* `https://www.googleapis.com/auth/bigquery`
* `https://www.googleapis.com/auth/drive.readonly`
* `https://www.googleapis.com/auth/devstorage.read_only`