Google Sign in usage: Difference between revisions
Jump to navigation
Jump to search
Line 10: | Line 10: | ||
* the Google account's email is used as a key in GUI's user list. So you need to create users in the GUI with the appropriate email and to use the 'Google Sign in' as an authorization engine. The user's permissions are used from the GUI's user setting. | * the Google account's email is used as a key in GUI's user list. So you need to create users in the GUI with the appropriate email and to use the 'Google Sign in' as an authorization engine. The user's permissions are used from the GUI's user setting. | ||
* From the GUI 25.3 is possible to add one or more Google emails into Users -> 'secure users' tab -> Gmail emails. If Google email (returned from auth) is found in this entry then permissions of this user are used. | |||
* Next is possible to set one user account as 'Default Google Sign email'. If set then all non-matched Google email will use these account's permissions. | |||
== Usage == | == Usage == |
Revision as of 16:32, 23 January 2023
Configuration
- it's disabled by default
- you can enable it in the 'Settings->System configuration->Enable Google Sign in' with Voipmonitor's OAuth2.0 client ID as a default. So you can use it if you will use the name 'gauthgui.voipmonitor.org' as a hostname in your webserver (suppose https access). (it's allowed Authorized JavaScript origins hostname)
- the client ID can be changed in the 'Settings->System configuration->Google client ID for Google Sign in'
- the G button can be disabled in the 'Settings->System configuration->Don't display Google Sign in button'
- the Google account's email is used as a key in GUI's user list. So you need to create users in the GUI with the appropriate email and to use the 'Google Sign in' as an authorization engine. The user's permissions are used from the GUI's user setting.
- From the GUI 25.3 is possible to add one or more Google emails into Users -> 'secure users' tab -> Gmail emails. If Google email (returned from auth) is found in this entry then permissions of this user are used.
- Next is possible to set one user account as 'Default Google Sign email'. If set then all non-matched Google email will use these account's permissions.
Usage
- click on the G button an do auth
Own credential (the fast way how to create own credential)
- Your own credentials will you create via https://console.developers.google.com (It supposes you can use the developer console)
- API & Service -> credential -> create new credential -> type 'OAuth client ID' -> web application: here you get your client_id which you enter into the GUI.
- Edit this new credential: Restriction -> Authorized JavaScript origins : set allowed URLs (now allowed only https:// URLs !!!)
- Return to the API -> credentials -> OAuth consent screen : set 'Application type' and 'Authorized domains' (not needed in latest Google console settings)
That's all. After that logout from all your services logged with google account a re-login.
(Of course don't forget to enable the GAuth in the GUI).