Google Social Login

This section explains how to configure Google OAuth 2.0 login for OpenIAM.

Creating a Google project

  1. Go to the Google Developers Console and sign in with your Google account.
  2. Click Create Project, provide a project name (e.g., GoogleSocial), and click Create.
  3. Complete the OAuth consent screen as prompted.
  4. Open the Credentials tab > Add Credentials > OAuth client ID.
    • Set Application type to Web Application.
    • Fill in Authorized JavaScript origins and Authorized redirect URIs.
  5. Save and copy the generated Client ID and Client Secret.

Configuring OpenIAM

Creating an Authentication Provider

  1. In the OpenIAM Webconsole, go to Access Control > Authentication Provider > Create new provider.
  2. Select Google_AUTH_PROVIDER as the provider type.
  3. Paste the Client ID and Client Secret from the Google Console, fill in required fields, and Save.

Ensure the corresponding Content Provider has the following URL patterns (authorization disabled):

  • /idp/social/google/callback → Authentication Rule: None
  • /idp/social/google/login → Authentication Rule: None, Supported HTTP Methods: POST

Preparing users

Each user who logs in via Google must have an identity in the Managed System selected in the Authentication Provider (for example, OpenIAM Managed System).


Self-Registration

Configuring Google Console

  1. In Google Console, go to Credentials > OAuth 2.0 Client IDs, select your client, and add the redirect URI https://[your_openiam_domain]/idp/social/google/selfRegistration.
  2. Enable the People API:
    • Go to Library, search for People API, click the icon, and enable it.
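
Google compares the redirect URI as an exact string, so a wrong case or a trailing slash is enough to break login or self-registration. The following pre-flight check is an added example, not part of OpenIAM: it reads the client JSON downloaded from the Google Credentials page and reports missing or near-miss entries. The domain iam.example.com and the sample JSON are constructed, and treating /idp/social/google/callback as the login redirect URI is an assumption based on the URL patterns listed on this page.

```python
import json
from urllib.parse import urlsplit

# Paths from this page; using /callback as the login redirect URI is an assumption.
LOGIN_CALLBACK = "/idp/social/google/callback"
SELF_REGISTRATION = "/idp/social/google/selfRegistration"

def _loose(uri):
    """Host and path with case and trailing slash ignored, to spot near misses."""
    parts = urlsplit(uri)
    return (parts.hostname or "", parts.path.rstrip("/").lower())

def check_google_client(client_json, openiam_domain, self_registration=True):
    """Return a list of problems in a Google OAuth client JSON download."""
    web = json.loads(client_json).get("web")
    if web is None:
        return ["no 'web' section: Application type is not Web Application"]
    origin = "https://" + openiam_domain
    required = [origin + LOGIN_CALLBACK]
    if self_registration:
        required.append(origin + SELF_REGISTRATION)
    registered = web.get("redirect_uris", [])
    problems = []
    for uri in required:
        if uri in registered:  # Google matches redirect URIs as exact strings
            continue
        near = [r for r in registered if _loose(r) == _loose(uri)]
        hint = f" (registered near miss: {', '.join(near)})" if near else ""
        problems.append(f"missing redirect URI {uri}{hint}")
    for uri in registered:
        parts = urlsplit(uri)
        if parts.hostname == openiam_domain.lower() and parts.scheme != "https":
            problems.append(f"redirect URI is not https: {uri}")
    if origin not in web.get("javascript_origins", []):
        problems.append(f"missing JavaScript origin {origin}")
    return problems

# Constructed sample: wrong case and a trailing slash on the second URI.
SAMPLE = json.dumps({"web": {
    "client_id": "CLIENT_ID_PLACEHOLDER.apps.googleusercontent.com",
    "javascript_origins": ["https://iam.example.com"],
    "redirect_uris": [
        "https://iam.example.com/idp/social/google/callback",
        "https://iam.example.com/idp/social/google/selfregistration/",
    ],
}})

if __name__ == "__main__":
    for problem in check_google_client(SAMPLE, "iam.example.com"):
        print(problem)
```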

Configuring OpenIAM

  1. In the Google Authentication Provider, enable Use Google for self registration.
  2. Add 'profile' to the Scope list.
  3. Save the provider.
  4. Ensure the Content Provider includes this URL pattern (authorization disabled):
    • /idp/social/google/selfRegistration → Authentication Rule: None, Supported HTTP Methods: GET

Testing the feature

On the login page, you’ll now see:

  • Sign in with Google — logs in users whose Google credentials match an existing IAM identity (not locked or disabled).
  • Create Account by Google — available when self-registration is enabled; pre-fills the registration form with data from the Google account.