QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-04-08 14:54:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7be799fac734eea2efee59b33b7c85534f27f192
sure/docs/hosting/oidc.md
Juan José Mata 768e85ce08 Add OpenID Connect login support (#77) 
* Add OpenID Connect login support
* Add docs for OIDC config with Google Auth
* Use Google styles for log in
- Add support for linking existing account
- Force users to sign-in with passoword first, when linking existing accounts
- Add support to create new user when using OIDC
- Add identities to user to prevent account take-ver
- Make tests mocking instead of being integration tests
- Manage session handling correctly
- use OmniAuth.config.mock_auth instead of passing auth data via request env
* Conditionally render Oauth button

- Set a config item `configuration.x.auth.oidc_enabled`
- Hide button if disabled

---------

Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Signed-off-by: soky srm <sokysrm@gmail.com>
Co-authored-by: sokie <sokysrm@gmail.com>
2025-10-24 16:07:45 +02:00

44 lines
1.6 KiB
Markdown
Raw Blame History

# Configuring OpenID Connect with Google
This guide shows how to enable OpenID Connect (OIDC) logins for Sure using Google as the identity provider.
## 1. Create a Google Cloud project
1. Visit [https://console.cloud.google.com](https://console.cloud.google.com) and sign in.
2. Create a new project or select an existing one.
## 2. Configure the OAuth consent screen
1. Navigate to **APIs & Services > OAuth consent screen**.
2. Choose **External** and follow the prompts to configure the consent screen.
3. Add your Google account as a test user.
## 3. Create OAuth client credentials
1. Go to **APIs & Services > Credentials** and click **Create Credentials > OAuth client ID**.
2. Select **Web application** as the application type.
3. Add an authorized redirect URI. For local development use:
```
http://localhost:3000/auth/openid_connect/callback
```
Replace with your domain for production, e.g.:
```
https://yourdomain.com/auth/openid_connect/callback
```
4. After creating the credentials, copy the **Client ID** and **Client Secret**.
## 4. Configure Sure
Set the following environment variables in your deployment (e.g. `.env`, `docker-compose`, or hosting platform):
```bash
OIDC_ISSUER="https://accounts.google.com"
OIDC_CLIENT_ID="your-google-client-id"
OIDC_CLIENT_SECRET="your-google-client-secret"
OIDC_REDIRECT_URI="https://yourdomain.com/auth/openid_connect/callback"
```
Restart the application after saving the variables.
The user can now sign in from the login page using the **Sign in with OpenID Connect** link. Google must report the user's email as verified and it must match the email on the account.
Reference in New Issue View Git Blame Copy Permalink