OIDC — Google IdP tutorial
Tutorial for configuring a Google OpenID Connect client, which is required to enable login with a Google account.
Prerequisites
- An already deployed Onezone instance — see here for instructions.
- Access to a Google account.
Procedure
- Log in to Google at https://accounts.google.com.
- Open https://search.google.com/search-console and add the Onezone service domain. You will find the link in the left upper corner.
- Copy and save the Google verification token.
- Place a static DNS TXT record with the token in overlay.config. For a docker-compose deployment, you will find it at data/persistence/configs/overlay.config:

  ```erlang
  [
    {oz_worker, [
      % preexisting entries ...
      {dns_static_txt_records, [
        {<<>>, <<"google-site-verification=abcdefgh123456789QWERTYUIASDFG-ZXCVBNqwerty">>}
      ]}
    ]}
  ].
  ```

  NOTE: Make sure the config file is mounted in the Onezone container.
- Restart Onezone for the new config to be picked up.
- When Onezone is ready, click Verify in the Google UI.
- Create a new project or switch to an existing one.
- Add your domain: API → domain verification → add domain → enter domain → add domain.
- Configure the consent screen: API → OAuth consent screen → external → create → fill (application name, logo, email, authorized domain) → Save.
- Create credentials: API → Credentials → CREATE CREDENTIALS → OAuth Client ID → Web Application → fill (name: "onedata", Authorized JavaScript origins: https://example.com, Authorized redirect URIs: https://example.com/validate_login) → Create.
- Place the credentials (client ID and secret) in auth.config (see here for more details). For example:

  ```erlang
  {google, #{
      % Configuration of the login page button
      displayName => "Google",
      iconPath => "/assets/images/auth-providers/google.svg",
      iconBackgroundColor => "#F1514F",
      % Which protocol is used for this IdP
      protocol => openid,
      % Configuration specific for OpenID protocol - overrides the default
      protocolConfig => #{
          plugin => default_oidc_plugin,
          pluginConfig => #{
              clientId => "123-qwertyuiopasdfghjkl1234567890zxc.apps.googleusercontent.com",
              clientSecret => "ZXCVBNMasdfghjkl1234567-",
              endpoints => #{
                  xrds => "https://accounts.google.com/.well-known/openid-configuration"
              }
          }
      }
  }},
  ```
- Restart Onezone:

  ```
  $ sudo systemctl restart onezone
  ```
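Before restarting Onezone it is worth sanity-checking the two things this procedure configures: the `google-site-verification` TXT value placed in `dns_static_txt_records`, and the OIDC client settings (issuer, endpoints, redirect URI registered at Google). The script below is an added example, not part of the Onedata documentation or code; the function names are mine, and the discovery document is a constructed sample modelled on Google's published one (in practice, fetch the live document from the `xrds` URL in `auth.config` and pass it in).

```python
"""Pre-flight checks for a Google OIDC client configured for Onezone.

Added example (not Onedata's code). Everything here runs offline on
constructed input; replace SAMPLE_DISCOVERY with the live discovery
document fetched from the xrds endpoint when checking a real deployment.
"""
import re
from urllib.parse import urlsplit

# Constructed sample modelled on Google's discovery document (subset of fields).
SAMPLE_DISCOVERY = {
    "issuer": "https://accounts.google.com",
    "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
    "token_endpoint": "https://oauth2.googleapis.com/token",
    "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
    "response_types_supported": ["code", "token", "id_token"],
    "scopes_supported": ["openid", "email", "profile"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

GOOGLE_ISSUER = "https://accounts.google.com"
# Google site-verification tokens are URL-safe base64-like strings.
TXT_RE = re.compile(r"^google-site-verification=[A-Za-z0-9_-]+$")


def check_site_verification_txt(record: str) -> list:
    """Return problems with a TXT value destined for dns_static_txt_records."""
    problems = []
    if not TXT_RE.match(record):
        # Catches a missing prefix, stray quotes/spaces, or a pasted empty token.
        problems.append("TXT value must be exactly google-site-verification=<token>")
    return problems


def expected_redirect_uri(onezone_domain: str) -> str:
    """Onezone's OIDC callback; Google must have this exact URI registered."""
    return "https://%s/validate_login" % onezone_domain


def check_oidc_client(discovery: dict, onezone_domain: str,
                      registered_redirect_uris: list, client_id: str) -> list:
    """Return a list of configuration problems (empty list means all checks passed)."""
    problems = []
    # The issuer must match what the ID token's 'iss' claim will carry.
    if discovery.get("issuer") != GOOGLE_ISSUER:
        problems.append("issuer is %r, expected %r" % (discovery.get("issuer"), GOOGLE_ISSUER))
    # All endpoints the relying party talks to must be present and use HTTPS.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = discovery.get(key)
        if not url or urlsplit(url).scheme != "https":
            problems.append("%s missing or not https" % key)
    # The web-application client type relies on the authorization code flow.
    if "code" not in discovery.get("response_types_supported", []):
        problems.append("IdP does not advertise the 'code' response type")
    if "openid" not in discovery.get("scopes_supported", []):
        problems.append("IdP does not advertise the 'openid' scope")
    if "RS256" not in discovery.get("id_token_signing_alg_values_supported", []):
        problems.append("IdP does not advertise RS256 ID token signatures")
    # The redirect URI registered at Google must match Onezone's callback verbatim.
    want = expected_redirect_uri(onezone_domain)
    if want not in registered_redirect_uris:
        problems.append("redirect URI %s not registered at Google" % want)
    for uri in registered_redirect_uris:
        if urlsplit(uri).scheme != "https":
            problems.append("registered redirect URI %s is not https" % uri)
    # Google web client IDs carry this suffix; anything else is a paste error.
    if not client_id.endswith(".apps.googleusercontent.com"):
        problems.append("clientId does not look like a Google OAuth client ID")
    return problems


if __name__ == "__main__":
    # Values taken from the tutorial's example configuration.
    txt = "google-site-verification=abcdefgh123456789QWERTYUIASDFG-ZXCVBNqwerty"
    cid = "123-qwertyuiopasdfghjkl1234567890zxc.apps.googleusercontent.com"
    for problem in (check_site_verification_txt(txt)
                    + check_oidc_client(SAMPLE_DISCOVERY, "example.com",
                                        ["https://example.com/validate_login"], cid)):
        print("PROBLEM:", problem)
```

The redirect URI check is the one that most often bites: Google compares the registered URI character by character, so a trailing slash, an `http` scheme or a different host than the Onezone domain makes the login fail with a redirect_uri mismatch, not a misleading success.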