0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-01-13 21:30:30 -05:00
logto/packages/connectors/connector-google/README.md
Darcy Ye 15953609bb
feat: support prompt config for some built-in connectors (#6023)
* feat: support prompt config for some built-in connectors

* chore: adopt code review suggestions

Co-authored-by: Gao Sun <gao@silverhand.io>

---------

Co-authored-by: Gao Sun <gao@silverhand.io>
2024-06-24 04:42:47 +00:00

85 lines
4.9 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Google connector
The Google connector provides a succinct way for your application to use Googles OAuth 2.0 authentication system.
**Table of contents**
- [Set up a project in the Google API Console](#set-up-a-project-in-the-google-api-console)
- [Configure your consent screen](#configure-your-consent-screen)
- [Configure and register your application](#configure-and-register-your-application)
- [Edit app registration](#edit-app-registration)
- [Config OAuth consent screen](#config-oauth-consent-screen)
- [Config scopes](#config-scopes)
- [Add test users (External user type only)](#add-test-users-external-user-type-only)
- [Obtain OAuth 2.0 credentials](#obtain-oauth-20-credentials)
- [Configure your connector](#configure-your-connector)
- [Config types](#config-types)
- [References](#references)
## Set up a project in the Google API Console
- Visit the [Google API Console](https://console.developers.google.com) and sign in with your Google account.
- Click the **Select a project** button on the top menu bar, and click the **New Project** button to create a project.
- In your newly created project, click the **APIs & Services** to enter the **APIs & Services** menu.
## Configure your consent screen
### Configure and register your application
- On the left **APIs & Services** menu, click the **OAuth consent screen** button.
- Choose the **User Type** you want, and click the **Create** button. (Note: If you select **External** as your **User Type**, you will need to add test users later.)
Now you will be on the **Edit app registration** page.
### Edit app registration
#### Config OAuth consent screen
- Follow the instructions to fill out the **OAuth consent screen** form.
- Click **SAVE AND CONTINUE** to continue.
#### Config scopes
- Click **ADD OR REMOVE SCOPES** and select `../auth/userinfo.email`, `../auth/userinfo.profile` and `openid` in the popup drawer, and click **UPDATE** to finish. It is recommended that you consider adding all the scopes you may use, otherwise some scopes you added in the configuration may not work.
- Fill out the form as you need.
- Click **SAVE AND CONTINUE** to continue.
#### Add test users (External user type only)
- Click **ADD USERS** and add test users to allow these users to access your application while testing.
- Click **SAVE AND CONTINUE** to continue.
Now you should have the Google OAuth 2.0 consent screen configured.
## Obtain OAuth 2.0 credentials
- On the left **APIs & Services** menu, click the **Credentials** button.
- On the **Credentials** page, click the **+ CREATE CREDENTIALS** button on the top menu bar, and select **OAuth client ID**.
- On the **Create OAuth client ID** page, select **Web application** as the application type.
- Fill out the basic information for your application.
- Click **+ Add URI** to add an authorized domain to the **Authorized JavaScript origins** section. This is the domain that your logto authorization page will be served from. In our case, this will be `${your_logto_endpoint_origin}`. e.g.`https://foo.logto.app`.
- Click **+ Add URI** in the ****Authorized redirect URIs**** section to set up the ****Authorized redirect URIs****, which redirect the user to the application after logging in. In our case, this will be `${your_logto_endpoint}/callback/${connector_id}`. e.g. `https://foo.logto.app/callback/${connector_id}`. The `connector_id` can be found on the top bar of the Logto Admin Console connector details page.
- Click **Create** to finish and then you will get the **Client ID** and **Client Secret**.
## Configure your connector
Fill out the `clientId` and `clientSecret` field with _Client ID_ and _Client Secret_ you've got from OAuth app detail pages mentioned in the previous section.
`scope` is a space-delimited list of [scopes](https://developers.google.com/identity/protocols/oauth2/scopes). If not provided, scope defaults to be `openid profile email`.
`prompts` is an array of strings that specifies the type of user interaction that is required. The string can be one of the following values:
- `none`: The authorization server does not display any authentication or user consent screens; it will return an error if the user is not already authenticated and has not pre-configured consent for the requested scopes. You can use none to check for existing authentication and/or consent.
- `consent`: The authorization server prompts the user for consent before returning information to the client.
- `select_account`: The authorization server prompts the user to select a user account. This allows a user who has multiple accounts at the authorization server to select amongst the multiple accounts that they may have current sessions for.
### Config types
| Name | Type |
|--------------|----------|
| clientId | string |
| clientSecret | string |
| scope | string |
| prompts | string[] |
## References
* [Google Identity: Setting up OAuth 2.0](https://developers.google.com/identity/protocols/oauth2/openid-connect#appsetup)