# Google as OAuth2 Provider
In the following example configuration we will implement Google as OAuth provider.
You will require Google credentials and a Google developer account for configuration.
# 1: Register New App in Google
- To register a new app, open the Google developer console and go to Credentials.
- Select OAuth client id and Web application.
- Give the following app information:
Field | Value |
---|---|
Application type | Web application |
Name | Name of your application, e.g. "Web client" |
Authorized JavaScript origins | Enter origin URI of the client application, e.g. "https://example.4allportal.net" |
Authorized redirect URIs | Enter the redirect URIs, e.g. "https://example.4allportal.net/oauth/login/{providerName}" |
Please note: The provider name required for field Authorized redirect URIs is created in the next step and can be replaced here later.
- Click "Create". A pop-up window should appear. Make sure to save the Client ID and Client Secret for future use.
# 2: 4ALLPORTAL Basic Configuration
In the 4ALLPORTAL, navigate to admin snap-in Authentication/OAuth configurations. Click Create in the toolbar.
The following basic settings are required for a Google provider:
- Give your provider a name (e.g. google). This name later replaces `{providerName}` in Google field Authorized redirect URIs.
  - Naming rules: Please do not use special characters (allowed are: a - z, A - Z, numbers and underscore `_`)
- In field Base URL, enter your domain name (without `/` at the end).
- Enable field visible.
- Select a default role and a default language for the users logging in with this provider.
- In section Mapping of user fields you can add the following configuration:
CoreEngine Field | External Field | Overwrite |
---|---|---|
ext_id | sub | false |
true | ||
username | name | true |
firstname | given_name | true |
lastname | family_name | true |
# 3: 4ALLPORTAL OAuth2 Specific Configuration
The following OAuth2 specific settings are required for a Google provider:
- In field Client ID, enter your Client ID.
- In field Client secret, enter your Client secret.
- In field Access token URI, enter `https://www.googleapis.com/oauth2/v4/token` (please always check the correct version).
- In field User authorization URI, enter `https://accounts.google.com/o/oauth2/v2/auth` (please always check the correct version).
- In field User info URI, enter `https://www.googleapis.com/oauth2/v3/userinfo` (please always check the correct version).
- In section Scopes, add `profile` and `email`.
We have added scopes "profile" and "email". You can add other scopes as well; see the Google docs for details.
Example configuration in the GUI
# 4: Complete Configuration
- Save your 4ALLPORTAL configuration and restart the system.
- In the Google-side configuration, replace `{providerName}` with your stored provider name in field Authorized redirect URIs.
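
A pre-flight check for the values from steps 1, 2 and 4, as an added example (not 4ALLPORTAL or Google code): it applies the naming rule and the Base URL rule, builds the origin and redirect URI to enter in the Google console, and flags a redirect URI that still contains the placeholder. The function names are hypothetical, and the HTTPS-only check is an assumption based on the page's example URL.

```python
import re
from urllib.parse import urlsplit

# Naming rule from step 2: only a-z, A-Z, digits and underscore.
PROVIDER_NAME_RE = re.compile(r"[A-Za-z0-9_]+")
PLACEHOLDER = "{providerName}"
# Redirect path pattern from the table in step 1.
REDIRECT_PATH = "/oauth/login/" + PLACEHOLDER


def google_client_values(base_url, provider_name):
    """Return the origin and redirect URI to enter in the Google console.

    Hypothetical helper. Raises ValueError when an input breaks a rule
    stated in the steps above.
    """
    if not PROVIDER_NAME_RE.fullmatch(provider_name):
        raise ValueError("provider name: only a-z, A-Z, 0-9 and _ are allowed")
    if base_url.endswith("/"):
        raise ValueError("Base URL must not end with '/'")
    parts = urlsplit(base_url)
    # Assumption of this example: the portal is served over HTTPS,
    # as in the page's example URL.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Base URL must look like https://<domain>")
    # The page says to enter the domain name only.
    if parts.path or parts.query or parts.fragment:
        raise ValueError("Base URL must be the domain only")
    return {
        "origin": base_url,
        "redirect_uri": base_url + REDIRECT_PATH.replace(PLACEHOLDER, provider_name),
    }


def check_registered(registered_uris, base_url, provider_name):
    """List problems with the redirect URIs stored in the Google client."""
    expected = google_client_values(base_url, provider_name)["redirect_uri"]
    problems = [f"placeholder not replaced: {uri}"
                for uri in registered_uris if PLACEHOLDER in uri]
    if expected not in registered_uris:
        problems.append(f"missing exact redirect URI: {expected}")
    return problems


if __name__ == "__main__":
    # Constructed sample input: the placeholder from step 1 was never replaced.
    stale = ["https://example.4allportal.net/oauth/login/{providerName}"]
    print(google_client_values("https://example.4allportal.net", "google"))
    print(check_registered(stale, "https://example.4allportal.net", "google"))
```
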