Authenticating with Google Sign-In

Security Requirements and Controls

Step-by-step instructions for implementing Google Sign-In authentication in LogScale, including the creation of a Google Developer Console project, OAuth client ID setup, and configuration of authorized redirect URIs. The guide also covers essential security requirements and the necessary environment variables needed to enable Google authentication, with options for HTTP proxy settings and automatic user creation upon successful login.

Detailed setup instructions can be found in the Integrating Google Sign-In into your web app Google page.

  1. Create a Project from the Google Developer Console,

  2. Create an OAuth Client ID on the Credentials Page,

  3. Add an Authorized redirect URI: %PUBLIC_URL%/auth/google

    where %PUBLIC_URL% is the same value as LogScale is configured with. This can be http://localhost:8080/auth/google during development. Login will fail if the redirect_uri is not set correctly.

  4. Once your app is created you can configure LogScale to authenticate with Google, like this:

    ini
    AUTHENTICATION_METHOD=oauth
PUBLIC_URL=$YOUR_SERVERS_BASE_URL
GOOGLE_OAUTH_CLIENT_ID=$CLIENT_ID #The client_id from your Google OAuth App
GOOGLE_OAUTH_CLIENT_SECRET=$CLIENT_SECRET The #client_secret your Google OAuth App
AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN=true  # default is false

    To have calls to the token endpoint for Google use the cluster's HTTP proxy settings, add the GOOGLE_OAUTH_USE_HTTP_PROXY configuration and set the value to true.

    Read more about Configuration Variables.