title | description | icon |
---|---|---|
Google OAuth Setup |
How to set up user login via Google OAuth |
google |
Create a google project: https://console.cloud.google.com/projectcreate
Enable the Google People API here: https://console.cloud.google.com/apis/library/people.googleapis.com
Be sure to have the right project selected.
Go to APIs & Services on the left hand tab (see image below).
Then select OAuth Consent screen page.
Under OAuth Consent screen select either Internal or External
- Companies with a Google Workspace should choose
Internal
- Otherwise choose
External
On the next page:
- Provide an app name (can go with
Onyx
) - Provide any email you own (or [email protected] if you want us to handle questions from your Onyx users)
- Upload the Onyx logo (or leave blank)
- The Developer contact information can be any email you own (or again, [email protected])
Leave the optional fields blank
Click SAVE AND CONTINUE
Leave the next two pages for Scopes and Test users blank.
Still under APIs & Services, go to Credentials on the left hand bar
Click on +CREATE CREDENTIALS and choose OAuth client ID
Select Web application
then call it Onyx
Add a Authorized JavaScript origins
as:
http://localhost:3000
for local or replace withhttps://<WEB_DOMAIN>
(e.g.https://www.onyx.app
) if setting up for prod.
Add a Authorized redirect URIs
as:
http://localhost:3000/auth/oauth/callback
for local setup orhttps://<WEB_DOMAIN>/auth/oauth/callback
if setting up for prod.
Click CREATE and save the Client ID and Client Secret for use in the next section
OAuth is controlled by 3 environment variables, regardless of deployment choice (non-containerized, docker compose, kubernetes). To turn the feature on set:
AUTH_TYPE=google_oauth
OAUTH_CLIENT_ID=<your client id from above>
OAUTH_CLIENT_SECRET=<your client secret from above>
- If setting up in production, then:
WEB_DOMAIN=<your domain including protocol e.g. https://www.onyx.app>
Simply set the above environment variables when running the different Onyx processes.
- The backend api server uses the 3 environment variables
- The frontend hits the api server to determine what user authentication setting is configured and serves the relevant pages.
Simply set the 4 environment variables in a file called .env under onyx/deployment/docker_compose.
Kubernetes deployment was designed for production use and assumes that user Auth is a required feature therefore it is
on by default. To set up the required values, replace the REPLACE-THIS
values in secrets.yaml with thebase64 encoded
client ID and client secret from above.