Google Sign in usage

From VoIPmonitor.org

Configuration

  • It is disabled by default.
  • You can enable it in 'Settings->System configuration->Enable Google Sign in'; Voipmonitor's OAuth2.0 client ID is used as the default.
  • The client ID can be changed in 'Settings->System configuration->Google client ID for Google Sign in'.
  • The G button can be disabled in 'Settings->System configuration->Don't display Google Sign in button'.
  • The Google account's email is used as the key in the GUI's user list, so you need to create users in the GUI with the appropriate email and use 'Google Sign in' as the authorization engine. The user's permissions are taken from the GUI's user settings.
  • From GUI 25.3 it is possible to add one or more Google emails in Users -> 'secure users' tab -> Gmail emails. If the Google email (returned from auth) is found in this entry, the permissions of this user are used.
  • It is also possible to set one user account as 'Default Google Sign email'. If set, all non-matched Google emails will use this account's permissions.
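
The lookup described in the list above, modelled as an added example (it is not VoIPmonitor GUI code). The GuiUser record, the case-insensitive comparison and the order in which a user's own email and the 'Gmail emails' entries are checked are assumptions; audit() lists the settings that widen who can sign in.

```python
from dataclasses import dataclass

@dataclass
class GuiUser:                      # hypothetical stand-in for a GUI user record
    name: str
    email: str = ""                 # email the GUI user was created with
    gmail_emails: tuple = ()        # 'secure users' tab -> Gmail emails (GUI 25.3+)
    default_google: bool = False    # marked as 'Default Google Sign email'

def resolve(users, google_email):
    """Map the email returned by Google auth to (GUI user name, reason)."""
    wanted = google_email.strip().lower()    # assumption: case-insensitive match
    if not wanted:
        return None, "no email"
    for u in users:                          # assumption: own email is checked first
        if u.email.lower() == wanted:
            return u.name, "user email"
    for u in users:
        if wanted in (e.lower() for e in u.gmail_emails):
            return u.name, "gmail emails entry"
    for u in users:                          # fallback for every non-matched email
        if u.default_google:
            return u.name, "default account"
    return None, "no match"

def audit(users):
    """Flag settings that widen who can sign in with a Google account."""
    findings, owners = [], {}
    for u in users:
        for e in filter(None, (u.email, *u.gmail_emails)):
            owners.setdefault(e.lower(), set()).add(u.name)
        if u.default_google:
            findings.append(f"{u.name}: permissions apply to every non-matched Google email")
    for email, names in owners.items():
        if len(names) > 1:
            findings.append(f"{email}: listed on several users {sorted(names)}")
    return findings

# Constructed sample data, not taken from a real installation.
USERS = [
    GuiUser("admin", email="admin@example.com"),
    GuiUser("ops", gmail_emails=("alice@example.com", "bob@example.com")),
    GuiUser("readonly", default_google=True),
    GuiUser("audit", gmail_emails=("bob@example.com",)),
]

if __name__ == "__main__":
    for addr in ("Admin@example.com", "bob@example.com", "stranger@example.net"):
        print(addr, "->", resolve(USERS, addr))
    print(*audit(USERS), sep="\n")
```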

Usage

  • Click the G button and authenticate.

Own credential (the quick way to create your own credential)

  • API & Service -> credential -> create new credential -> type 'OAuth client ID' -> web application: here you get your client_id, which you enter into the GUI.
  • Edit this new credential: Restriction -> Authorized JavaScript origins: set the allowed URLs (only https:// URLs are allowed now!).
  • Return to the API -> credentials -> OAuth consent screen: set 'Application type' and 'Authorized domains' (not needed in the latest Google console settings).


That's all. After that, log out of all services you are logged into with your Google account and log in again.

(Of course, don't forget to enable the GAuth in the GUI.)

Problem solving

  • If a blank window opens instead of the GUI login, check the settings of the "Authorised JavaScript origins" field in GCloud.

Usage with custom login script

  • It works.
  • The email returned from Google is passed to the custom login script, and your script must return the structure described in WEB_API#Custom_Login.
  • Note: the GUI's internal users take precedence over custom login users.