Google Social Login

This section describes how to configure Google application to login in OpenIAM.

1 Creating and configuring a Google project

This section describes how to add Google Oauth2 login in a web app for OAuth 2.0.

1 Creating a Google project

First go to Google Developers Console https://console.developers.google.com. Sign in using your Google credentials if you haven’t already. There will be a list of projects (if you have previously created any). Click on Create Project to create a new project. Provide a project name in the dialog box and press enter. Our project name is GoogleSocial. google-new-project You will be asked to fill info on OAuth consent screen, do it based on your purposes. Now click on the Credentials menu. Then click on Add Credentials and then select OAuth client ID. Select application type is Web Application. Fill Authorized JavaScript origins and Authorized redirect URIs google-new-oauth-client-id Save provided the client ID and secret

2 Configuring OpenIAM

2.1 Create Authentication Provider

In Webconsole use Access Control menu->Authentication Provider->Create new provider. Select Google type of provider. Then copy and paste Client Id and Client Secret from Google console, fill required fields and save it. google-auth-prov

Then make sure an appropriate content provider has following URL patterns

  • /idp/social/google/callback (authorization is disabled, Authentication Rule - None)
  • /idp/social/google/login (authorization is disabled, Authentication Rule - None, Supported HTTP Methods - POST)

2.2 Preparing users

Each user who might want to login via Google should have an identity of managed system that is selected on Auth provider page. In our example it is OpenIAM Managed system

3 Self registration feature

3.1 Configuring Google console

In Google console go to Credentials -> OAuth 2.0 Client IDs (select your client)-> Authorized redirect URIs add https://[ your_openiam_domain ]/idp/social/google/selfRegistration and save it. Now need to enable People API from Google. For that you should pick menu 'Library' and search for 'people API', then click on API icon and enable it. google-people-api

3.2 Configuring OpenIAM

Enable check box "Use google for self registration" in Google Auth provider. Add 'profile' to Scope, it will look now: google-scopes Save auth provider. Make sure an appropriate content provider has following URL pattern

  • /idp/social/google/selfRegistration (authorization is disabled, Authentication Rule - None, Supported HTTP Methods - GET)

    4 Test feature

    Now on login page you can see red button 'Sign with Google', if you click on it Google will ask you to share your info with the app and if google credentials are valid and your email matches the iam identity and it is not locked or disabled you will be logged in. If self registration via Google is enabled you will see another red button 'Create Account By Google', and again if your google credentials are valid then self registration form will be pre-populated by information from Google account.