...

Create a new project under your Google account: https://console.cloud.google.com/projectcreate

Create a new Credential for the service: https://console.cloud.google.com/apis/credentials

From the Create Credentials menu, select OAuth Client ID.

...

https://<fqdn>:<port>/service/auth/sso/google/callback

For B2B:

https://b2bmft.stonebranch.com:9190/service/auth/sso/google/callback


Configure your application.

After you complete the form, copy the following field or download the JSON file, which contains the credentials needed for this setup.

Create the following instance under your service, with the path to the configuration file:

[service.local.auth.google]
file = "sso-google-udmg.json"

Create the following file with the values from the downloaded credentials file:

{
    "clientID": "client-id",
    "clientSecret": "client-secret",
    "redirectURI": "<http-fqdn>/service/auth/sso/google/callback",
    "hostedDomains": ["domain.com"]
}

Note

If you are going to use a public domain, like @gmail.com, don't set up the hostedDomains, since the hd parameter in the callback will be empty.

...

[service.local.auth.oidc]
file = "openid-config.json"


{
    "issuer": "https://accounts.google.com",
    "clientID": "<client-id>",
    "clientSecret": "<client-secret-id>",
    "redirectURI": "https://<fqdn>/service/auth/sso/openid/callback"
}

OAuth2

In the case of OAuth2 with the Google provider, you will need to grant some extra scopes, since by default the email is not in the payload.

To grant the scopes, you will need to edit the App.

Under the scope step

Grant the following scopes

After updating the scopes, you should see them listed under Your non-sensitive scopes.

[service.local.auth.oauth]
file = "oauth-config.json"


{
    "issuer": "https://accounts.google.com",
    "clientID": "<client-id>",
    "clientSecret": "<client-secret-id>",
    "redirectURI": "https://<fqdn>/service/auth/sso/oauth/callback",
    "tokenURL": "https://oauth2.googleapis.com/token",
    "authorizationURL": "https://accounts.google.com/o/oauth2/auth",
    "scopes": ["profile"],
    "insecureSkipVerify": true,
    "userInfoURL": "https://www.googleapis.com/oauth2/v3/userinfo",
    "userIDKey": "sub"
}
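
The JSON files above share a few settings that are worth checking before they are deployed. The following is an added example, not part of the original page or of the product: a hypothetical audit_sso_config helper that flags non-HTTPS URLs, a callback path that does not match the provider, placeholder credentials, a public domain in hostedDomains, and insecureSkipVerify set to true. It assumes that flag disables TLS certificate verification, which the page does not state; the sample values and the host udmg.example.com are constructed.

```python
import json
from urllib.parse import urlparse

URL_KEYS = ("issuer", "redirectURI", "tokenURL", "authorizationURL", "userInfoURL")
PUBLIC_DOMAINS = {"gmail.com", "googlemail.com"}  # consumer accounts: hd arrives empty
PLACEHOLDERS = {"", "client-id", "client-secret"}

# Constructed samples, not real credentials; udmg.example.com is a made-up host.
SAMPLE_OAUTH = json.dumps({
    "issuer": "https://accounts.google.com",
    "clientID": "constructed-id.apps.googleusercontent.com",
    "clientSecret": "constructed-secret-value",
    "redirectURI": "https://udmg.example.com/service/auth/sso/oauth/callback",
    "tokenURL": "https://oauth2.googleapis.com/token",
    "authorizationURL": "https://accounts.google.com/o/oauth2/auth",
    "insecureSkipVerify": True,
    "userInfoURL": "https://www.googleapis.com/oauth2/v3/userinfo",
})
SAMPLE_GOOGLE = json.dumps({
    "clientID": "<client-id>",
    "clientSecret": "constructed-secret-value",
    "redirectURI": "http://udmg.example.com/service/auth/sso/google/callback",
    "hostedDomains": ["gmail.com"],
})

def audit_sso_config(text, provider):
    """Return (key, reason) pairs to review; provider is google, openid or oauth."""
    cfg = json.loads(text)
    found = []
    for key in URL_KEYS:
        if key in cfg and urlparse(cfg[key]).scheme != "https":
            found.append((key, "not an https URL"))
    expected = f"/service/auth/sso/{provider}/callback"
    if urlparse(cfg.get("redirectURI", "")).path != expected:
        found.append(("redirectURI", f"path is not {expected}"))
    if cfg.get("insecureSkipVerify") is True:  # assumption: disables TLS certificate checks
        found.append(("insecureSkipVerify", "TLS verification assumed disabled"))
    for key in ("clientID", "clientSecret"):
        value = cfg.get(key, "")
        if value in PLACEHOLDERS or value.startswith("<"):
            found.append((key, "empty or placeholder value"))
    public = sorted(PUBLIC_DOMAINS & {d.lower() for d in cfg.get("hostedDomains", [])})
    if public:
        found.append(("hostedDomains", f"public domain {public[0]}: hd will be empty"))
    return found

if __name__ == "__main__":
    for text, provider in ((SAMPLE_OAUTH, "oauth"), (SAMPLE_GOOGLE, "google")):
        print(provider, audit_sso_config(text, provider))
```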

...