Google OAuth2.0 Integration
Learn how to configure a connection to Google via OAuth2.0.
Introduction
Each SSO Identity Provider requires specific information to create and configure a new Connection (through Application registered). Often, the information required to create a connection will differ by Identity Provider.
Google integration with Cripsa using OAUTH2.0 consists of 4 parts,
- 1. Create a project/select (an existing) project by logging into https://cripsa.com
- 2. Create an App in Google Console using enterprise subscription in https://console.cloud.google.com/
- 3. Use Client ID and Client Secret information of the GCP account for App registration with Cripsa.
- 4. Use the Final URI received to call against the User click to start the Authentication process workflow.
Create Project through Cripsa
Login to Cripsa Dashboard by using email account
Once logged in Create project for OAuth2.0.
Fill all the details. All the fields are required.
Click on “Create Project”.
Note Down all the above highlighted information which will be used while creation of the App in Google Console (https://console.cloud.google.com).
What Cripsa provides
Cripsa provides the “Authorized Java-http Origin” and “Authorized Redirect URI”. It’s readily available in your Project Detail page of Cripsa Dashboard.
The Authorized Redirect URI is the location an Identity Provider redirects its authentication response to. In Google’s case, it needs to be set by the Enterprise when configuring your application in their GCP Console.
The Authorized Java-http Origin is a URI used to identify the issuer of a OAuth2.0 request, response, or assertion. In this case, the Authorized Java-http Origin is used to communicate that, Cripsa will be the party performing OAuth2.0 requests to the Enterprise’s GCP App instance.
What you’ll need
To integrate you’ll need the OAuth Client App Credentials (Client ID and Client Secret) from GCP APIs & Services.
To integrate you’ll need the OAuth Client App Credentials (Client ID and Client Secret) from GCP APIs & Services.
1. Log in
Log in to the GCP Console, select “APIs & Services” from the sidebar menu, and then select “OAuth consent screen” from the following list.
It is asking for User Type.
- Internal: In this mode, your app is limited to Google Workspace users within your organization . You can communicate with your internal users directly about how you'll use their data.
- External: Your app will only be available to users you add to the list of test users. Once your app is ready to publish, you may need to verify your app.
Depending on requirement one need to select the option.
2. Enter Your App’s Information
Give the app a descriptive name,upload an icon (if any), Authorized Domain and Developer Contact Information and Click “Save and Continue”.
3. Add or Remove Scopes
Add scopes email, profile and openid.
4. Add Users for testing
Here you can add the users through which client wants to test the OAuth2.0 Workflow.
5. Create a New Credential for the App
To access the App created above there is a need to create OAuth Client. The process is defined below through screen shots.
Select Credentials->Create Credentials->OAuth client ID
Select Application Type as Web Application.
Put the Details like Name, Authorization JavaScript Origin, Authorized redirect URIs. The two URI you have got while creation of the Project through https://cripsa.com.
Note Down Client ID and Client Secret which is needed while registering this App through https://cripsa.com
6. Obtain Identity Provider Details
Select the “Download OAuth client” button to download the Google OAuth Client credentials file. Save this file, as you’ll need to use the detail in this file to register this app through https://cripsa.com
7. Register Google App with Cripsa
If you haven’t already downloaded the App Credentials (Client ID and Client Secret), select your OAuth Client application, and click “Download OAuth Client”. In the pop-up window, again click “Download JSON” or Note down the Client Credentials by click on copy button.
Now go back to https://cripsa.com/oauth-register-app ->Select your project you have just created.
Here Three Fields are Mandatory to fill:
- Register Type
- IDP Client ID
- IDP Client Secret
In the Register Type there are four options, and one has to select anyone of them as per your requirement. For more information on these options please see FAQ.
Now Put the Client Credentials and Click on “Register OAuth2.0 App”
The URI got in the final response will be called as part of the Login Click Button by the Client.
Now use Code URI to login to App to get Code and redirection.
Use the account which has been added as test user.
For Getting the AccessToken and IdToken use Token URI.
Frequently asked questions
1. How many Registration Options available in Cripsa for OAUTH2.0 and what is the difference between them?
In the Register Type there are four options:
- Registration of OAth2.0 Only
- Registration of OAth2.0 in Separate Client
- Registration of OAth2.0 with Other Already registered Auth Type Apps/Method with MFA
- Registration of OAuth2.0 with Other Already registered Auth Type Apps/Method without MFA
Only the Login screen would be Different for each Registration Type.
Here in the above diagram one can see MFA is available along with OAUTH2.0 authentication.
Here in the above diagram one can see MFA is available along with OAUTH2.0 and OAUTH 2.0 authentication.
