Oauth

From Federal Burro of Information
Revision as of 19:47, 9 October 2020 by David (talk | contribs) (Created page with "== GCP == setting up oauth on GCP. you app is going to need some stuff. client id and token at least. set those up here: export PROJECT=<insertyourproject> https://conso...")

GCP

Setting up OAuth on GCP.

Your app is going to need some stuff.

A client ID and token at least. Set those up here:

export PROJECT=<insertyourproject>
https://console.cloud.google.com/apis/credentials?project=${PROJECT}

Here is a Concourse setup example:

```
   - name: CONCOURSE_OAUTH_DISPLAY_NAME
     value: "Staging ConCourse"
   - name: CONCOURSE_OAUTH_CLIENT_ID
     value: "<insert yours>"
   - name: CONCOURSE_OAUTH_CLIENT_SECRET
     value: "<insert yours>"
   - name: CONCOURSE_OAUTH_AUTH_URL
     value: "https://accounts.google.com/o/oauth2/v2/auth"
   - name: CONCOURSE_OAUTH_TOKEN_URL
     value: "https://oauth2.googleapis.com/token"
   - name: CONCOURSE_OAUTH_USERINFO_URL
     value: "https://openidconnect.googleapis.com/v1/userinfo"
   - name: CONCOURSE_OAUTH_AUTH_URL_PARAM
     value: "scope:profile%20email,hd:<YOURDOMAIN.CA>"
   - name: CONCOURSE_OAUTH_SCOPE
     value: "profile email"
   - name: CONCOURSE_LOG_LEVEL
     value: "debug"
```

I'm busy struggling with "CONCOURSE_OAUTH_USERINFO_URL": what is it, and how is it used?

I'm getting the OAuth option to show up in the Concourse login page, and I'm getting redirected properly. It's only after successfully choosing a Google account to use that I'm getting an error, which makes me think I have the USERINFO URL and/or scope wrong.

Apparently, as part of the OpenID Connect specification, OAuth providers should publish a publicly accessible document that outlines the various endpoints required to get it all to work.

Here is Google's:

https://accounts.google.com/.well-known/openid-configuration

In there you will find the userinfo URL, which I then used for the Concourse config.

More on user info from Google:

https://developers.google.com/identity/protocols/oauth2/openid-connect#obtaininguserprofileinformation
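
A way to check the three endpoint settings and the scope from the Concourse config against the provider's discovery document, as an added example that is not part of the original page or of Concourse. The discovery JSON is a constructed sample trimmed to the fields used, and `check_config` and `ENDPOINT_FIELDS` are hypothetical names chosen for this example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the subset of discovery-document fields used below.
# Save the provider's real /.well-known/openid-configuration and load it the same way.
DISCOVERY = json.loads("""{
  "issuer": "https://accounts.google.com",
  "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
  "token_endpoint": "https://oauth2.googleapis.com/token",
  "userinfo_endpoint": "https://openidconnect.googleapis.com/v1/userinfo",
  "scopes_supported": ["openid", "email", "profile"]
}""")

# Endpoint and scope values from the Concourse example on this page.
PAGE_ENV = {
    "CONCOURSE_OAUTH_AUTH_URL": "https://accounts.google.com/o/oauth2/v2/auth",
    "CONCOURSE_OAUTH_TOKEN_URL": "https://oauth2.googleapis.com/token",
    "CONCOURSE_OAUTH_USERINFO_URL": "https://openidconnect.googleapis.com/v1/userinfo",
    "CONCOURSE_OAUTH_SCOPE": "profile email",
}

# Hypothetical mapping (an assumption of this example): which discovery field
# each Concourse variable is expected to equal.
ENDPOINT_FIELDS = {
    "CONCOURSE_OAUTH_AUTH_URL": "authorization_endpoint",
    "CONCOURSE_OAUTH_TOKEN_URL": "token_endpoint",
    "CONCOURSE_OAUTH_USERINFO_URL": "userinfo_endpoint",
}

def check_config(env, discovery):
    """Return a list of mismatches between env and the discovery document."""
    problems = []
    for var, field in ENDPOINT_FIELDS.items():
        configured, published = env.get(var), discovery.get(field)
        if not configured:
            problems.append(f"{var} is not set")
            continue
        if urlsplit(configured).scheme != "https":
            problems.append(f"{var} is not an https URL: {configured}")
        if configured != published:
            problems.append(f"{var} is {configured}, provider publishes {field}={published}")
    supported = set(discovery.get("scopes_supported", []))
    for scope in env.get("CONCOURSE_OAUTH_SCOPE", "").split():
        if scope not in supported:
            problems.append(f"scope {scope} is not in scopes_supported")
    return problems

if __name__ == "__main__":
    for line in check_config(PAGE_ENV, DISCOVERY) or ["config matches discovery document"]:
        print(line)
```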