Before you can use Google's OAuth 2.0 authentication system for user login, you must:
- set up a project in the Google Developer Console (opens new window) to obtain OAuth 2.0 credentials,
- set a redirect URI (the Authentication worker's return URL: https://mywebsite.com/apiserver/auth/http/reentry)
- and (optionally) customize the branding information that your users see on the user-consent screen
Google's documentation can be found at https://developers.google.com/identity/protocols/OpenIDConnect
Once the project has been created you'll be able to access the newly generated "Client ID" and "Client Secret" needed below.
Parameters
As well as the parameters described in Base Provider Parameters, the following must be set in the params object.
| Name | Type | Comments |
|---|---|---|
| clientId | String, required | The Client ID from your Google project |
| secret | String, required | The Client secret from your Google project |
User Profile Data
We request the following information from Google about a user. The properties are automatically mapped to the Authentication Worker's UserProfile class. These properties are then mapped to actual fields in a site user's profile, following the mappings set up in the
| Google Property | Mapped To | Comments |
|---|---|---|
| sub | UNIQUEID | Google's unique user identifier |
| name | PREFERREDNAME | Full name |
| given_name | FORENAMES | First name |
| family_name | SURNAME | Last name |
| The main account email address |
See the Linking Providers, Account and Profile Management article for information about how profiles and email addresses are updated.
Example
{
"providerName": "google",
"providerDisplayName": "Google",
"type": "google",
"userPrefix": "G_",
"params": {
"clientId": "googleGeneratedApiKey",
"secret": "googleGeneratedSecret",
"checkConsentToStoreData": true,
"failIfConsentNotGiven": true
}
}
Share this page
