# Introduction
In the ever-expanding digital landscape, user authentication is a critical aspect of securing applications. One powerful method to achieve this is through OAuth, a widely adopted open standard for access delegation commonly used by major platforms like Google. This article aims to guide you through the process of configuring OAuth with Google for your application. From creating an application on the OAuth consent screen to obtaining and utilizing the client ID and secret, we'll provide step-by-step instructions accompanied by illustrative images. Whether you're a developer implementing OAuth or an administrator overseeing the setup, this comprehensive guide ensures a smooth integration with Google's authentication services. By the end of this article, you'll have a clear understanding of the necessary steps involved in Google OAuth configuration and be well-equipped to enhance your application's security while providing a seamless authentication experience for users. Let's dive into the details of each step and empower your application with the robust authentication capabilities offered by Google OAuth.

# Google Configuration
On the Google side, follow these steps:

## Step 1: Create an Application on the OAuth Consent Screen Tab

To initiate the configuration, navigate to the OAuth consent screen tab on the Google Cloud Console. Follow these steps:

1. Open the Google Cloud Console.
2. Click "APIs & Services" and then select "Credentials."
3. Create a new application on the OAuth consent screen tab.

Required scopes: `email`, `profile`, and `openid`.

## Step 2: Restrict Access to Internal Workspace

Enhance security by restricting access to your internal workspace. Follow these steps:
In the OAuth consent screen, select the "Internal" user type.

## Step 3: Create a New OAuth Client ID

Now, create a new OAuth client ID. Here's how:

1. Choose a name for your application (e.g., "Conduktor Console").
2. Define the redirect URI using the format `http(s)://<Console host>(:<Console port>)/oauth/callback/<OAuth2 config name>`. Example: `http://localhost:8080/oauth/callback/google`.

For additional details on Console redirect URI for OAuth2, consult the documentation.

## Step 4: Get the Client ID and Secret ID

After creating the OAuth client ID, save the client ID and secret, as displayed in the pop-up. Optionally, save them as JSON.

## Tips and Additional Information

- Retrieve the `.well-known` configuration at https://accounts.google.com/.well-known/openid-configuration.
- If necessary, add an authorized domain to your Google account by following the provided guide.

# Console Configuration

On the Console side, add the following snippet to your configuration file or environment variables:

## YAML File (platform-config.yaml)

```yaml
sso:
  oauth2:
    - name: "google"
      default: true
      client-id: "<client ID>"
      client-secret: "<client secret>"
      openid:
        issuer: "https://accounts.google.com"
```

## Environment Variables (.env)

```
CDK_SSO_OAUTH2_0_NAME="google"
CDK_SSO_OAUTH2_0_DEFAULT=true
CDK_SSO_OAUTH2_0_CLIENT-ID="<client ID>"
CDK_SSO_OAUTH2_0_CLIENT-SECRET="<client secret>"
CDK_SSO_OAUTH2_0_OPENID_ISSUER="https://accounts.google.com"
```

Replace `<client ID>` and `<client secret>` with the values obtained during the OAuth client ID creation.
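
The following pre-deployment check is an added example, not code from Conduktor or from the original article. It reads the environment variables shown above, flags placeholders left in place and an issuer that differs from the value on this page, and derives the redirect URI in the Step 3 format to compare it with the URIs registered on the Google client. The function names, the `console.example.internal` host, and the hand-maintained `REGISTERED` list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

GOOGLE_ISSUER = "https://accounts.google.com"  # issuer value given on this page

def parse_env(text):
    """Parse KEY=VALUE lines from a .env file, dropping surrounding quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip('"')
    return env

def expected_redirect_uri(console_url, config_name):
    """Redirect URI in the page's format: <Console URL>/oauth/callback/<config name>."""
    return f"{console_url.rstrip('/')}/oauth/callback/{config_name}"

def audit(env, console_url, registered_uris, index=0):
    """Return a list of findings for the OAuth2 entry at the given index."""
    prefix, findings = f"CDK_SSO_OAUTH2_{index}_", []
    for key in ("NAME", "CLIENT-ID", "CLIENT-SECRET", "OPENID_ISSUER"):
        value = env.get(prefix + key, "")
        if not value:
            findings.append(f"{key}: missing")
        elif re.fullmatch(r"<[^>]*>", value):
            findings.append(f"{key}: placeholder not replaced")
    issuer = env.get(prefix + "OPENID_ISSUER", "")
    if issuer and issuer != GOOGLE_ISSUER:
        findings.append(f"OPENID_ISSUER: {issuer!r} is not {GOOGLE_ISSUER!r}")
    name = env.get(prefix + "NAME", "")
    if name:
        uri = expected_redirect_uri(console_url, name)
        parts = urlsplit(uri)
        if uri not in registered_uris:  # Google compares redirect URIs exactly
            findings.append(f"redirect URI {uri} is not registered on the client")
        if parts.scheme != "https" and parts.hostname not in ("localhost", "127.0.0.1"):
            findings.append(f"redirect URI {uri} uses plain http outside localhost")
    return findings

# Constructed sample input: one placeholder left in place, trailing slash on the issuer.
SAMPLE_ENV = '''
CDK_SSO_OAUTH2_0_NAME="google"
CDK_SSO_OAUTH2_0_DEFAULT=true
CDK_SSO_OAUTH2_0_CLIENT-ID="<client ID>"
CDK_SSO_OAUTH2_0_CLIENT-SECRET="constructed-secret-value"
CDK_SSO_OAUTH2_0_OPENID_ISSUER="https://accounts.google.com/"
'''
REGISTERED = ["http://localhost:8080/oauth/callback/google"]  # as entered in Step 3

if __name__ == "__main__":
    for finding in audit(parse_env(SAMPLE_ENV), "http://console.example.internal:8080", REGISTERED):
        print("FINDING:", finding)
```
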
By following these steps, you'll successfully configure Google OAuth for your application, ensuring secure user authentication.
Reference: Google | Conduktor Docs