Google Social Login
This section describes how to configure a Google application for login to OpenIAM.
1 Create and configure a Google project
This section describes how to add Google OAuth 2.0 login to a web app.
1 Creating a Google project
2 Configure OpenIAM
2.1 Create Authentication Provider
In the Webconsole, go to Access Control -> Authentication Provider -> Create new provider and select the Google provider type. Copy the Client Id and Client Secret from the Google console and paste them in, fill in the required fields, and save.
Then make sure the appropriate content provider has the following URL patterns:
- /idp/social/google/callback (authorization is disabled, Authentication Rule - None)
- /idp/social/google/login (authorization is disabled, Authentication Rule - None, Supported HTTP Methods - POST)
2.2 Prepare users
Each user who might want to log in via Google should have an identity in the managed system that is selected on the Auth provider page. In our example, it is the OpenIAM Managed system.
3 Self registration feature
3.1 Configure Google console
In the Google console, go to Credentials -> OAuth 2.0 Client IDs (select your client) -> Authorized redirect URIs, add https://your_openiam_domain/idp/social/google/selfRegistration, and save. Next, enable the People API in Google: open the 'Library' menu, search for 'people API', click the API icon, and enable it.
3.2 Configure OpenIAM
Enable the "Use google for self registration" check box in the Google Auth provider. Add 'profile' to Scope and save the auth provider. Make sure the appropriate content provider has the following URL pattern:
- /idp/social/google/selfRegistration (authorization is disabled, Authentication Rule - None, Supported HTTP Methods - GET)
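The three URL patterns from sections 2.1 and 3.2 are the only ones these steps leave without authorization, so it is worth checking them after configuration. The following is an added example, not OpenIAM code: it audits a constructed list of patterns, and the dict keys (`pattern`, `authorization`, `auth_rule`, `methods`) and the wildcard entry are hypothetical, not OpenIAM's export schema.

```python
# Added example: audits a constructed, hypothetical export of content-provider
# URL patterns; the dict keys used here are assumptions, not OpenIAM's schema.
REQUIRED = {
    "/idp/social/google/callback": None,             # no method restriction stated
    "/idp/social/google/login": {"POST"},
    "/idp/social/google/selfRegistration": {"GET"},  # needed for self registration
}
SELF_REG = "/idp/social/google/selfRegistration"


def audit(patterns, self_registration=True):
    """Return a sorted list of findings; an empty list means the config matches."""
    findings = []
    by_path = {p["pattern"]: p for p in patterns}
    for path, methods in REQUIRED.items():
        if path == SELF_REG and not self_registration:
            continue
        entry = by_path.get(path)
        if entry is None:
            findings.append(f"{path}: missing")
            continue
        if entry["authorization"]:
            findings.append(f"{path}: authorization must be disabled")
        if entry["auth_rule"] != "None":
            findings.append(f"{path}: Authentication Rule must be None")
        if methods is not None and set(entry["methods"]) != methods:
            findings.append(
                f"{path}: methods {sorted(entry['methods'])}, expected {sorted(methods)}")
    # Anything else left open under /idp/social/ is wider than the steps require.
    for path, entry in by_path.items():
        if (path.startswith("/idp/social/") and path not in REQUIRED
                and not entry["authorization"]):
            findings.append(f"{path}: unexpected pattern with authorization disabled")
    return sorted(findings)


# Constructed sample: login also allows GET, selfRegistration is missing,
# and an extra (hypothetical) wildcard pattern is open.
SAMPLE = [
    {"pattern": "/idp/social/google/callback", "authorization": False,
     "auth_rule": "None", "methods": []},
    {"pattern": "/idp/social/google/login", "authorization": False,
     "auth_rule": "None", "methods": ["GET", "POST"]},
    {"pattern": "/idp/social/*", "authorization": False,
     "auth_rule": "None", "methods": []},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```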
4 Test feature
The login page now shows a red 'Sign with Google' button. When you click it, Google asks you to share your info with the app. If your Google credentials are valid, your email matches the IAM identity, and the identity is not locked or disabled, you will be logged in. If self registration via Google is enabled, you will see another red button, 'Create Account By Google'; again, if your Google credentials are valid, the self registration form will be pre-populated with information from your Google account.