LS-Auth integration with Google as IDP (OAuth)
Below are instructions to set up Google as an IDP for LSAuth using OAuth.
Create an OAuth client ID in Google
- Go to the Google Cloud Platform Console.
- From the projects list, select a project or create a new one.
- If the APIs & services page isn't already open, open the console left side menu and select APIs & services.
- On the left, click Credentials.
- Click New Credentials, then select OAuth client ID.
- Select "Web Application", then provide the Name, Authorized JavaScript origins, and Authorized redirect URL. URLs for the LSAuth env can be found at https://labshare.atlassian.net/wiki/spaces/LA/pages/682000386/LS-Auth+Quick+Links#Callback%2FACS-and-Federated-Logout-URLs
- If this is your first time creating a client ID, you can also configure your consent screen by clicking Consent Screen. (The following procedure explains how to set up the Consent screen.) You won't be prompted to configure the consent screen after you do it the first time.
- Click Create client ID.
- Note down the Client ID and Client Secret shown on the screen.
(To delete a client ID, go to the Credentials page, check the box next to the ID, and then click Delete.)
Create the Identity Provider Configuration in LSAuth
- Log into the LS Auth console and select the tenant that you will use.
- Select "Providers" in the left nav menu and click the "Add New" button.
- Create a new Provider of type google-oauth.
- Enter the Client ID and Client Secret (copied from the configuration in Google).
- Enter https://accounts.google.com/o/oauth2/token for the token URL.
- Select the scopes https://www.googleapis.com/auth/userinfo.profile and https://www.googleapis.com/auth/userinfo.email.
NOTE: When you are logging in for the first time, Google will ask for user confirmation on the access request.
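A pre-flight check for the values entered in the two procedures above, added here as an example (it is not LSAuth or Google code). The URL checks are a subset of the rules Google's console is assumed to apply to origins and redirect URLs, the function names are hypothetical, and the host names are constructed placeholders.

```python
from urllib.parse import urlsplit

# Values this page gives for the LSAuth google-oauth provider.
TOKEN_URL = "https://accounts.google.com/o/oauth2/token"
SCOPES = {
    "https://www.googleapis.com/auth/userinfo.profile",
    "https://www.googleapis.com/auth/userinfo.email",
}
LOCAL_HOSTS = {"localhost", "127.0.0.1"}

def check_url(label, url, is_origin):
    """Return the problems found in one origin or redirect URL."""
    parts = urlsplit(url)
    found = []
    if "*" in url:
        found.append("wildcards are not allowed")
    if parts.scheme != "https" and parts.hostname not in LOCAL_HOSTS:
        found.append("must use https")
    if parts.username or parts.password:
        found.append("must not embed credentials")
    if parts.fragment:
        found.append("must not contain a fragment")
    if is_origin and (parts.path or parts.query):
        found.append("an origin is scheme://host[:port], no path")
    return [f"{label} {url}: {msg}" for msg in found]

def preflight(origins, redirect_urls, token_url, scopes):
    """Collect every problem so they can be fixed in one pass."""
    problems = []
    for origin in origins:
        problems += check_url("origin", origin, is_origin=True)
    for redirect in redirect_urls:
        problems += check_url("redirect", redirect, is_origin=False)
    if token_url != TOKEN_URL:
        problems.append(f"token URL {token_url}: expected {TOKEN_URL}")
    if set(scopes) - SCOPES:
        problems.append(f"extra scopes: {sorted(set(scopes) - SCOPES)}")
    if SCOPES - set(scopes):
        problems.append(f"missing scopes: {sorted(SCOPES - set(scopes))}")
    return problems

if __name__ == "__main__":
    # Constructed placeholder URLs; take the real ones from the Quick Links page.
    for line in preflight(["https://auth.example.com/app"],
                          ["http://auth.example.com/callback"],
                          TOKEN_URL, SCOPES):
        print(line)
```

An empty result means the values match this guide; any scope reported as extra grants LSAuth more Google data than the two scopes listed here.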