1. Sign into the API manager in the Google Cloud console.
2. Likely you will need to create a new project in Google Cloud, so click ‘Create’
3. Give your project a name, like ‘Cloudflare Connection’ and click create.
4. Click ‘Create Credentials’ and select OAuth Client ID
5. Click on the button that says ‘Configure Consent Screen’
6. Fill out the Product Name field and click Save.(This will display to users during the sign in flow).
7. Select the Application Type ‘Web Application’. The field name, give it some name. In Authorized Javascript Origins, put your account’s authorization domain, found in the authorization domain section of the Cloudflare Access dashboard. It is likely https://something.cloudflareaccess.com. In the Authorized redirect URIs section, put your authorization domain followed by /cdn-cgi/access/callback. Click create.
8. Copy your client ID and secret and paste them in the Cloudflare dashboard to finish connecting Google.
Troubleshooting
If you login to Cloudflare Access and see:
This is so easy to fix. Have no fears. It takes just a minute. Ready?
Go back to the Google Cloud Console: https://console.cloud.google.com/apis/credentials and click on the pencil next to the Cloudflare Access credentials.
Then in the field for Authorized redirect URIs add the domain Google complains about in the 400 error. It will look something like https://dani.cloudflareaccess.com/cdn-cgi/access/callback.
Click Save.