OAuth

From Federal Burro of Information

GCP

Setting up OAuth on GCP.

Your app is going to need some stuff.

A client ID and token at least. Set those up here:

export PROJECT=<insertyourproject>
https://console.cloud.google.com/apis/credentials?project=${PROJECT}

Here is a Concourse setup example:

```

   - name: CONCOURSE_OAUTH_DISPLAY_NAME
     value: "Staging ConCourse"
   - name: CONCOURSE_OAUTH_CLIENT_ID
     value: "<insert yours>"
   - name: CONCOURSE_OAUTH_CLIENT_SECRET
     value: "<insert yours>"
   - name: CONCOURSE_OAUTH_AUTH_URL
     value: "https://accounts.google.com/o/oauth2/v2/auth"
   - name: CONCOURSE_OAUTH_TOKEN_URL
     value: "https://oauth2.googleapis.com/token"
   - name: CONCOURSE_OAUTH_USERINFO_URL
     value: "https://openidconnect.googleapis.com/v1/userinfo"
   - name: CONCOURSE_OAUTH_AUTH_URL_PARAM
     value: "scope:profile%20email,hd:<YOURDOMAIN.CA>"
   - name: CONCOURSE_OAUTH_SCOPE
     value: "profile email"
   - name: CONCOURSE_LOG_LEVEL
     value: "debug"

```

I'm busy struggling with "CONCOURSE_OAUTH_USERINFO_URL". What is it, how is it used?

I'm getting the OAuth option to show up in the Concourse login page, and I'm getting redirected properly. It's only after successfully choosing a Google account to use that I'm getting an error, which makes me think I have the USERINFO URL and/or scope wrong.

Apparently, as part of the OpenID Connect specification, OAuth providers should publish a publicly accessible document that outlines the various endpoints required to get it all to work.

Here is Google's:

https://accounts.google.com/.well-known/openid-configuration

In there you will find the userinfo URL, which I then used for the Concourse config.

More on user info from Google:

https://developers.google.com/identity/protocols/oauth2/openid-connect#obtaininguserprofileinformation
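
The lookup described above, as an added example that is not part of the original page or of Concourse: it validates a discovery document (issuer match, HTTPS-only endpoints, advertised scopes) and maps its fields to the `CONCOURSE_OAUTH_*` variables from the config. The helper name `concourse_env_from_discovery` is hypothetical, and the embedded document is a constructed, trimmed sample built from the endpoint values on this page.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a trimmed discovery document holding the endpoint
# values shown in the config above (the live document has more fields).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://accounts.google.com",
    "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
    "token_endpoint": "https://oauth2.googleapis.com/token",
    "userinfo_endpoint": "https://openidconnect.googleapis.com/v1/userinfo",
    "scopes_supported": ["openid", "email", "profile"],
})

# Discovery field -> Concourse variable name used in the config above.
FIELD_TO_ENV = {
    "authorization_endpoint": "CONCOURSE_OAUTH_AUTH_URL",
    "token_endpoint": "CONCOURSE_OAUTH_TOKEN_URL",
    "userinfo_endpoint": "CONCOURSE_OAUTH_USERINFO_URL",
}

def concourse_env_from_discovery(raw_json, expected_issuer, scopes):
    """Hypothetical helper: validate a discovery document, map it to env vars."""
    doc = json.loads(raw_json)
    # The issuer must match the host the document was fetched from; a
    # mismatch means the document describes some other provider.
    if doc.get("issuer") != expected_issuer:
        raise ValueError(f"issuer mismatch: {doc.get('issuer')!r}")
    env = {}
    for field, var in FIELD_TO_ENV.items():
        url = doc.get(field) or ""
        parts = urlsplit(url)
        # Tokens and the client secret travel to these URLs, so require HTTPS.
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError(f"{field} is missing or not an https URL: {url!r}")
        env[var] = url
    # scopes_supported is optional in the document; check only when present.
    supported = doc.get("scopes_supported")
    if supported is not None:
        unknown = sorted(set(scopes.split()) - set(supported))
        if unknown:
            raise ValueError(f"scopes not advertised by provider: {unknown}")
    env["CONCOURSE_OAUTH_SCOPE"] = scopes
    return env

if __name__ == "__main__":
    env = concourse_env_from_discovery(
        SAMPLE_DISCOVERY, "https://accounts.google.com", "profile email")
    for name, value in env.items():
        print(f'   - name: {name}\n     value: "{value}"')
```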