Configuring Google OAuth2
You must register your thingshub tennat with Google in order to use Google OAuth2 with thingshub. You will need the client ID and client secret key that Google generates for you after the registration.
Configure Oauth and register Thingshub in Google Workspace
Open https://console.developers.google.com/apis/credentials in your browser.
Sign in with a Google account with appropriate privilege, if not done already.
Click on
Create Credentialsand then click onOAuth Client IDfrom the dropdown.In the dropdown for
Application TypeselectWeb Application.Type Thingshub SSO in the
NamefieldClick on the
ADD URIbutton in theAuthorised JavaScript originssection and type the domain address of your thingshub tenant. This is the address where your thingshub system is running.
(Eg: https://foo-bar.thingshub.smartmakers.de)Click on the
ADD URIbutton in theAuthorised Redirect URIssection and type the domain address of your thingshub tenant followed by the path/google-oauth2/callback. This is the address that Google will redirect to after the authentication is complete, be it successful or failure.
(Eg: https://foo-bar.thingshub.smartmakers.de/google-oauth2/callback)Click on
CreateCopy
Client IDandClient Secretvalues.
Enable and configure Google OAuth2 in Thingshub
global:
domain: foo.bar.com
tenant_mode: trackinghub
...
identity_providers:
google_oauth2:
enabled: true
params:
client_id: <Client ID from above>
client_secret: <Client Secret from above>
auth_url: "https://accounts.google.com/o/oauth2/auth"
token_url: "https://oauth2.googleapis.com/token"
user_info_url: "https://www.googleapis.com/oauth2/v2/userinfo?access_token="
scopes:
- openid
- "https://www.googleapis.com/auth/userinfo.email"
button:
logo: "data:image/png;base64,iVBORw0KG........"
text: "Sign-in with Google"
btn_color: "#B12B28"
text_color: "#402306"
...
google_oauth2 configurations:
enabled: The enabled flag is used to togglegoogle_oauth2on or off.params: This block provides the configurations for thingshub to setgoogle_oauth2client_id: This is the ID of the thingshub client registered to the Google Workspace which is provided during client registration.client_secret: This is the secret the Google Workspace provides for the thingshub client during client registration.auth_url: This is the endpoint that thingshub uses to interact with Google Workspace to get the authorization to access the user data through the consent screen after you are logged-in.token_url: This is the endpoint that thingshub uses to getaccess tokensby exchanging the authorization code it gets from theauth_url.user_info_url: This is the endpoint that thingshub uses to get the consented Google user data to be used for Thinshub users.scopes: The scopes parameter is a list of OAuth 2.0 scopes allowing user to configure multiple scopes at a time.
A scope is a URI string that OAuth 2.0 provides to the Google Workspace to let it know what data thingshub wants to access. The Workspace then sees if its user itself has access for the said data and if it has consented to sharing it with thingshub. Thingshub expects the following scopes to be available:"email"
The appropriate scope can be selected from the available Google API scopes from https://developers.google.com/identity/protocols/oauth2/scopesFor getting the user email, the scope is: "https://www.googleapis.com/auth/userinfo.email”
button: The button block holds the theme for the button forGoogle OAuthdisplayed on the thingshub login page.logo: It is the base64 encoded string of the image to be displayed in the login button forGoogle OAuth. The base64 encoding should be inData URIformat.text: Text is the message to be displayed in the login button forGoogle OAuth.btn_color: It sets the color of the login button forGoogle OAuth.text_color: It sets the color of the message in thetextfield that is to be shown in the login button forGoogle OAuth