Skip to content

Latest commit

 

History

History
89 lines (53 loc) · 3 KB

google_oauth_setup.mdx

File metadata and controls

89 lines (53 loc) · 3 KB
title description icon
Google OAuth Setup
How to set up user login via Google OAuth
google

Setting up the Google Cloud App

Create a google project: https://console.cloud.google.com/projectcreate

Enabling the People API

Enable the Google People API here: https://console.cloud.google.com/apis/library/people.googleapis.com

Be sure to have the right project selected.

Setting up the OAuth Consent Screen

Go to APIs & Services on the left hand tab (see image below).

Then select OAuth Consent screen page.

GoogleOAuthConsentMenu

Under OAuth Consent screen select either Internal or External

  • Companies with a Google Workspace should choose Internal
  • Otherwise choose External

On the next page:

  • Provide an app name (can go with Onyx)
  • Provide any email you own (or [email protected] if you want us to handle questions from your Onyx users)
  • Upload the Onyx logo (or leave blank)
  • The Developer contact information can be any email you own (or again, [email protected])

GoogleApp

Leave the optional fields blank

Click SAVE AND CONTINUE

Leave the next two pages for Scopes and Test users blank.

Setting up Credentials

Still under APIs & Services, go to Credentials on the left hand bar

Click on +CREATE CREDENTIALS and choose OAuth client ID

Select Web application then call it Onyx

Add a Authorized JavaScript origins as:

  • http://localhost:3000 for local or replace with https://<WEB_DOMAIN> (e.g. https://www.onyx.app) if setting up for prod.

Add a Authorized redirect URIs as:

  • http://localhost:3000/auth/oauth/callback for local setup or https://<WEB_DOMAIN>/auth/oauth/callback if setting up for prod.

Click CREATE and save the Client ID and Client Secret for use in the next section

Turning on OAuth in Onyx

OAuth is controlled by 3 environment variables, regardless of deployment choice (non-containerized, docker compose, kubernetes). To turn the feature on set:

  • AUTH_TYPE=google_oauth
  • OAUTH_CLIENT_ID=<your client id from above>
  • OAUTH_CLIENT_SECRET=<your client secret from above>
  • If setting up in production, then:
    • WEB_DOMAIN=<your domain including protocol e.g. https://www.onyx.app>

Non Containerized

Simply set the above environment variables when running the different Onyx processes.

  • The backend api server uses the 3 environment variables
  • The frontend hits the api server to determine what user authentication setting is configured and serves the relevant pages.

Docker Compose

Simply set the 4 environment variables in a file called .env under onyx/deployment/docker_compose.

Kubernetes

Kubernetes deployment was designed for production use and assumes that user Auth is a required feature therefore it is on by default. To set up the required values, replace the REPLACE-THIS values in secrets.yaml with thebase64 encoded client ID and client secret from above.