My customer uses Google GSuite in his organization (a no-profit one), and wanted to use already existing accounts to login in my application. Quite easy, as Google is already implemented in Laravel Socialite.
But default configuration for Google in Socialite includes scopes for Google+ API, to access profile informations, and that's not always the case. At least, it was not the case in my situation: eventually the reference Google Apps organization had no Google+ enabled, so as login with classic @gmail.com accounts worked, the organization's accounts with custom domain failed miserably.
Solution: fix the scopes and get informations elsewhere. Replace
$scopes = [ 'https://www.googleapis.com/auth/userinfo.email', 'https://www.googleapis.com/auth/userinfo.profile' ]; return Socialite::driver('google')->scopes($scopes)->redirect();
and everything is OK.
I don't know if the issue is common for all Google GSuite for no-profit instances, but if you obtain the infamous
invalid_grant error this is worth a try.