Google Authentication

Configuring an Application for Google Authentication

Step 1: Set Up a Project in the Google API Console

  1. Log into the Google API Console:
  2. Create a New Project:
    • In the top bar, click Select a project > New Project.
    • Provide a name for your project (e.g., "Authentication") and click Create.

Step 2: Enable OAuth 2.0 Credentials

  1. In the left-hand menu, navigate to APIs & Services > Credentials.
  2. Click + Create Credentials and select OAuth 2.0 Client ID.
  3. Configure OAuth Consent Screen:
    • Go to OAuth consent screen.
    • Select External if your users include Google accounts from outside your organization.
    • Fill in the required details (e.g., App name, support email, etc.), and click Save.
  4. Create OAuth Client ID:
    • In Application Type, select Web Application.
    • Provide a name for the OAuth client (e.g., "Umango Authentication").
    • In Authorized redirect URIs, add the redirect URL for your app (e.g., https://umango-server-domain/oAuth2Callback).
    • Click Create and copy the Client ID and Client Secret.

Step 3: Configure API Scopes

  1. After creating the OAuth 2.0 client ID, ensure to assign your app the API service Admin SDK API. The following scopes will be used by Umango:
    • openid
    • profile
    • email
    • https://www.googleapis.com/auth/admin.directory.group.readonly
    • https://www.googleapis.com/auth/admin.directory.user.readonly
    • https://www.googleapis.com/auth/admin.directory.domain.readonly
  2. These scopes allow your app to access the user’s basic profile information and perform user and group related queries.

Step 4: Obtain OAuth Client Credentials

  • In the Credentials tab, you’ll see the Client ID and Client Secret. Copy these for use in your application.

Step 5: Configure Your Application

In your application’s configuration, enter the following details and then press 'Save':

  • Client ID: The OAuth 2.0 Client ID from the Google API Console.
  • Client Secret: The OAuth 2.0 Client Secret.
  • Redirect URI: The URL where Google will send users after authentication (e.g., http://umango-acme.com/dashboard/oauth2callback). The domain should be the domain or hostname configured for your Umango server. The url should match the redirect url configured in your app exactly.

Step 6: Test the Authentication Flow

  • Before navigating away from the Umango Authentication settings page, open a browser in incognito mode and attempt to sign in to Umango with your new Google settings.
  • Verify that the authentication flow works and that you are redirected back to Umango after logging in.

Common Troubleshooting Tips

  • Make sure that the Authorized Redirect URI in Google’s API Console matches the URI configured in the Umango settings.
  • Ensure that the OAuth consent screen is configured and verified, if necessary.