Configuring Google Authentication
=================================

This document explains how to configure Zuul to enable authentication
with Google.

Prerequisites
-------------

* The Zuul instance must be able to query Google's OAuth API servers. This
  generally means that the Zuul instance must be able to send and
  receive HTTPS data to and from the Internet.
* You must set up a project in Google's developers console.

Setting up credentials with Google
----------------------------------

In the developers console, choose your project and click `APIs & Services`.

Choose `Credentials` in the menu on the left, then click `Create Credentials`.

Choose `Create OAuth client ID`. You might need to configure a consent screen first.

Create OAuth client ID
......................

Choose `Web application` as Application Type.

In `Authorized JavaScript Origins`, add the base URL of Zuul's Web UI. For example,
if you are running a yarn development server on your computer, it would be
`http://localhost:3000`.

In `Authorized redirect URIs`, enter the base URL of Zuul's Web UI followed
by "/t/<tenant>/auth_callback", once for each tenant on which you want to enable
authentication. For example, if you are running a yarn development server on
your computer and want to set up authentication for tenant "local",
write `http://localhost:3000/t/local/auth_callback`.

Click Save. Google will generate a Client ID and a Client secret for your new
credentials; we will only need the Client ID for the rest of this How-To.

Configure Zuul
..............

Edit ``/etc/zuul/zuul.conf`` to add the Google authenticator:

.. code-block:: ini

   [auth google_auth]
   default=true
   driver=OpenIDConnect
   realm=my_realm
   issuer_id=https://accounts.google.com
   client_id=<your Google Client ID>

Restart Zuul services (scheduler, web).

Head to your tenant's status page. If all went well, you should see a "Sign in"
button in the upper right corner of the page. Congratulations!
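
A pre-flight check for the steps above, as an added example that is not part of the Zuul documentation: it lints the ``[auth google_auth]`` section and derives the origin and redirect URIs to register with Google. The sample configuration and client ID are constructed, the function names are hypothetical, and the Web UI is assumed to be served from the root of its host.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample mirroring the section above; client_id is a placeholder.
SAMPLE_CONF = """\
[auth google_auth]
default=true
driver=OpenIDConnect
realm=my_realm
issuer_id=https://accounts.google.com
client_id=PLACEHOLDER.apps.googleusercontent.com
"""
LOCAL_HOSTS = {"localhost", "127.0.0.1"}


def check_auth_section(conf_text, section="auth google_auth"):
    """Return a list of problems in the authenticator section (empty = OK)."""
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)
    if not parser.has_section(section):
        return [f"missing section [{section}]"]
    auth, problems = parser[section], []
    # Expected values are the ones shown in this How-To.
    if auth.get("driver") != "OpenIDConnect":
        problems.append("driver is not OpenIDConnect")
    if auth.get("issuer_id") != "https://accounts.google.com":
        problems.append("issuer_id is not https://accounts.google.com")
    client_id = auth.get("client_id", "").strip()
    if not client_id or "<" in client_id:
        problems.append("client_id is empty or still a template value")
    # The How-To only needs the Client ID, so a secret has no place here.
    problems += [f"unneeded secret in option '{k}'" for k in auth if "secret" in k]
    return problems


def google_console_values(base_url, tenants):
    """Return (origin, redirect_uris) to enter in the Google console."""
    url = urlsplit(base_url)
    if url.scheme != "https" and url.hostname not in LOCAL_HOSTS:
        raise ValueError("plain HTTP is only acceptable for a local dev server")
    if url.path.strip("/") or url.query or url.fragment:
        raise ValueError("origin must be scheme://host[:port] with no path")
    origin = f"{url.scheme}://{url.netloc}"
    return origin, [f"{origin}/t/{t}/auth_callback" for t in tenants]


if __name__ == "__main__":
    print(check_auth_section(SAMPLE_CONF) or "zuul.conf auth section looks OK")
    origin, uris = google_console_values("http://localhost:3000/", ["local"])
    print(origin, *uris, sep="\n")
```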

Further Reading
---------------

This How-To is based on Google's documentation on their implementation of OpenID Connect.