mirror of
https://github.com/we-promise/sure.git
synced 2026-04-07 14:31:25 +00:00
* Add OpenID Connect login support
* Add docs for OIDC config with Google Auth
* Use Google styles for log in
- Add support for linking existing account
- Force users to sign-in with password first, when linking existing accounts
- Add support to create new user when using OIDC
- Add identities to user to prevent account take-over
- Make tests mocking instead of being integration tests
- Manage session handling correctly
- use OmniAuth.config.mock_auth instead of passing auth data via request env
* Conditionally render Oauth button
- Set a config item `configuration.x.auth.oidc_enabled`
- Hide button if disabled
---------
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Signed-off-by: soky srm <sokysrm@gmail.com>
Co-authored-by: sokie <sokysrm@gmail.com>
1.6 KiB
Configuring OpenID Connect with Google
This guide shows how to enable OpenID Connect (OIDC) logins for Sure using Google as the identity provider.
1. Create a Google Cloud project
- Visit https://console.cloud.google.com and sign in.
- Create a new project or select an existing one.
2. Configure the OAuth consent screen
- Navigate to APIs & Services > OAuth consent screen.
- Choose External and follow the prompts to configure the consent screen.
- Add your Google account as a test user.
3. Create OAuth client credentials
- Go to APIs & Services > Credentials and click Create Credentials > OAuth client ID.
- Select Web application as the application type.
- Add an authorized redirect URI. For local development use:
http://localhost:3000/auth/openid_connect/callback
Replace with your domain for production, e.g.:
https://yourdomain.com/auth/openid_connect/callback
- After creating the credentials, copy the Client ID and Client Secret.
4. Configure Sure
Set the following environment variables in your deployment (e.g. .env, docker-compose, or hosting platform):
OIDC_ISSUER="https://accounts.google.com"
OIDC_CLIENT_ID="your-google-client-id"
OIDC_CLIENT_SECRET="your-google-client-secret"
OIDC_REDIRECT_URI="https://yourdomain.com/auth/openid_connect/callback"
Restart the application after saving the variables.
The user can now sign in from the login page using the Sign in with OpenID Connect link. Google must report the user's email as verified and it must match the email on the account.
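A preflight check for the variables from step 4, written for this guide as an added example (it is not part of Sure's code base). The helper names `oidc_env_problems` and `parse_uri`, the list of local hosts, and the rule that plain http is acceptable only on those hosts are assumptions of the example.

```ruby
require "uri"

# Values taken from the guide above.
GOOGLE_ISSUER = "https://accounts.google.com"
CALLBACK_PATH = "/auth/openid_connect/callback"
REQUIRED = %w[OIDC_ISSUER OIDC_CLIENT_ID OIDC_CLIENT_SECRET OIDC_REDIRECT_URI].freeze
LOCAL_HOSTS = %w[localhost 127.0.0.1].freeze # assumption: hosts treated as local development

def parse_uri(value)
  URI.parse(value)
rescue URI::InvalidURIError
  nil
end

# Hypothetical helper: returns a list of problems found in an environment
# hash (pass ENV.to_h in a real deployment). An empty list means the four
# variables are consistent with the guide.
def oidc_env_problems(env)
  missing = REQUIRED.select { |key| env[key].to_s.strip.empty? }
  return missing.map { |key| "#{key} is not set" } unless missing.empty?

  problems = []
  # The example values from the guide must be replaced with real credentials.
  %w[OIDC_CLIENT_ID OIDC_CLIENT_SECRET].each do |key|
    problems << "#{key} still holds the guide's placeholder" if env[key].start_with?("your-google-")
  end
  # Compared exactly: the guide gives the issuer without a trailing slash.
  problems << "OIDC_ISSUER should be #{GOOGLE_ISSUER}" unless env["OIDC_ISSUER"] == GOOGLE_ISSUER

  redirect = parse_uri(env["OIDC_REDIRECT_URI"])
  if redirect.nil? || redirect.host.nil?
    problems << "OIDC_REDIRECT_URI is not an absolute URL"
    return problems
  end
  problems << "OIDC_REDIRECT_URI path must be #{CALLBACK_PATH}" unless redirect.path == CALLBACK_PATH
  problems << "OIDC_REDIRECT_URI host is the guide's placeholder" if redirect.host == "yourdomain.com"
  # Plain http is acceptable only for local development.
  local_http = redirect.scheme == "http" && LOCAL_HOSTS.include?(redirect.host)
  unless redirect.scheme == "https" || local_http
    problems << "OIDC_REDIRECT_URI must use https outside local development"
  end
  problems
end
```

The redirect URI must also match the authorized redirect URI registered in step 3 exactly, which this check cannot see.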