Google Sign in usage: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
(9 intermediate revisions by 2 users not shown) | |||
Line 3: | Line 3: | ||
* it's disabled by default | * it's disabled by default | ||
* you can enable it in the 'Settings->System configuration->Enable Google Sign in' with Voipmonitor's OAuth2.0 client ID as a default. | * you can enable it in the 'Settings->System configuration->Enable Google Sign in' with Voipmonitor's OAuth2.0 client ID as a default. | ||
* the client ID can be changed in the 'Settings->System configuration->Google client ID for Google Sign in' | * the client ID can be changed in the 'Settings->System configuration->Google client ID for Google Sign in' | ||
* the G button can be disabled in the 'Settings->System configuration->Don't display Google Sign in button' | * the G button can be disabled in the 'Settings->System configuration->Don't display Google Sign in button' | ||
* the Google account's email is used as a key in GUI's user list. So you need to create users in the GUI with the appropriate email and to use the 'Google Sign in' as an authorization engine. The user's permissions are used from the GUI's user setting. | |||
* From the GUI 25.3 is possible to add one or more Google emails into Users -> 'secure users' tab -> Gmail emails. If Google email (returned from auth) is found in this entry then permissions of this user are used. | |||
* Next is possible to set one user account as 'Default Google Sign email'. If set then all non-matched Google email will use these account's permissions. | |||
== Usage == | == Usage == | ||
* click on the G button an do auth | * click on the G button an do auth | ||
== Own credential (the fast way how to create own credential) == | |||
* Your own credentials will you create via https://console.developers.google.com (It supposes you can use the developer console) | |||
* API & Service -> credential -> create new credential -> type 'OAuth client ID' -> web application: here you get your client_id which you enter into the GUI. | |||
* Edit this new credential: Restriction -> Authorized JavaScript origins : set allowed URLs (now allowed only https:// URLs !!!) | |||
* Return to the API -> credentials -> OAuth consent screen : set 'Application type' and 'Authorized domains' (not needed in latest Google console settings) | |||
That's all. After that logout from all your services logged with google account a re-login. | |||
(Of course don't forget to enable the GAuth in the GUI). | |||
== Problems solving == | |||
* If a blank window opens instead of a GUI login | |||
(take care on settings of "Authorised JavaScript origins" field in GCloud) | |||
== Usage with custom login script == | |||
* it's working | |||
* the email returned from Google is passed to the custom login script. And your script must return the structure as described in [[WEB_API#Custom_Login]] | |||
* Note: the GUI's internal users have precedence before custom login users |
Latest revision as of 15:30, 27 February 2024
Configuration
- it's disabled by default
- you can enable it in the 'Settings->System configuration->Enable Google Sign in' with Voipmonitor's OAuth2.0 client ID as a default.
- the client ID can be changed in the 'Settings->System configuration->Google client ID for Google Sign in'
- the G button can be disabled in the 'Settings->System configuration->Don't display Google Sign in button'
- the Google account's email is used as a key in GUI's user list. So you need to create users in the GUI with the appropriate email and to use the 'Google Sign in' as an authorization engine. The user's permissions are used from the GUI's user setting.
- From the GUI 25.3 is possible to add one or more Google emails into Users -> 'secure users' tab -> Gmail emails. If Google email (returned from auth) is found in this entry then permissions of this user are used.
- Next is possible to set one user account as 'Default Google Sign email'. If set then all non-matched Google email will use these account's permissions.
Usage
- click on the G button an do auth
Own credential (the fast way how to create own credential)
- Your own credentials will you create via https://console.developers.google.com (It supposes you can use the developer console)
- API & Service -> credential -> create new credential -> type 'OAuth client ID' -> web application: here you get your client_id which you enter into the GUI.
- Edit this new credential: Restriction -> Authorized JavaScript origins : set allowed URLs (now allowed only https:// URLs !!!)
- Return to the API -> credentials -> OAuth consent screen : set 'Application type' and 'Authorized domains' (not needed in latest Google console settings)
That's all. After that logout from all your services logged with google account a re-login.
(Of course don't forget to enable the GAuth in the GUI).
Problems solving
- If a blank window opens instead of a GUI login
(take care on settings of "Authorised JavaScript origins" field in GCloud)
Usage with custom login script
- it's working
- the email returned from Google is passed to the custom login script. And your script must return the structure as described in WEB_API#Custom_Login
- Note: the GUI's internal users have precedence before custom login users