Google Authentication Type
Permalink
I was hoping to enable the Google Authentication type. Having some trouble and cant find any detailed documentation.
First I have an important general question: Is the google account log-in associated with a registered user Concrete5 account on my site? If so, how is this done?
Meanwhile, I'm having issues with the basic set up. I created credentials, following instructions onhttps://auth0.com/docs/connections/social/google... and entered them into the google authentication type in concrete5.
When attempting to log in using google, I get redirected to a google error page.Error: redirect_uri_mismatch: The redirect URI in the request,http://staging.austinquakers.org/ccm/system/authentication/oauth2/g... does not match the ones authorized for the OAuth client. Any clues for me?
I have entered the home page of my site as an authorized redirect.
First I have an important general question: Is the google account log-in associated with a registered user Concrete5 account on my site? If so, how is this done?
Meanwhile, I'm having issues with the basic set up. I created credentials, following instructions onhttps://auth0.com/docs/connections/social/google... and entered them into the google authentication type in concrete5.
When attempting to log in using google, I get redirected to a google error page.Error: redirect_uri_mismatch: The redirect URI in the request,http://staging.austinquakers.org/ccm/system/authentication/oauth2/g... does not match the ones authorized for the OAuth client. Any clues for me?
I have entered the home page of my site as an authorized redirect.
Thanks for this. But then question is, what is supposed to be on that page? I suspect that is it some kind of virtual URL, a callback, that is a piece of the authentication sequence and not a real "page" at all.
I wondered if it were something Concrete5 is supposed to provide as part of the Google authentication set up.
I wondered if it were something Concrete5 is supposed to provide as part of the Google authentication set up.
Yes absolutely. A URL doesn't have to be to a page. This is a URL to a callback function.
When the user logs in Google, Google needs a way to send back the information to Concrete5. So using that callback URL, Google tells Concrete5: this user just logged into my services and they're legit and I'm sending you this proof back.
Concrete5 receives that information checks that it is correct and logs the user into the website. It then saves the information locally so, for a time, maybe 2 weeks, the user doesn't have to log in again.
Once that's done the now logged in user is redirected to a page, usually the home page.
When the user logs in Google, Google needs a way to send back the information to Concrete5. So using that callback URL, Google tells Concrete5: this user just logged into my services and they're legit and I'm sending you this proof back.
Concrete5 receives that information checks that it is correct and logs the user into the website. It then saves the information locally so, for a time, maybe 2 weeks, the user doesn't have to log in again.
Once that's done the now logged in user is redirected to a page, usually the home page.
This what I figured. But still don't know how to proceed. Is this call back something that is supposed to be implemented in Concrete5, but in my case is not? Or am I supposed to implement or enable it some how? Or, perhaps it is implemented but Google is sending to the wrong URL due to a configuration error or something.
As far as I know, when you create your app in Google to get your ID and secret key, you should have an option somewhere in Google where you set and authorize the callback URL.
I haven't tried to implement it myself so I am not sure how to proceed. But if you Google "google authentication callback" I am sure you will get plenty of answers
I haven't tried to implement it myself so I am not sure how to proceed. But if you Google "google authentication callback" I am sure you will get plenty of answers
Attempting to duplicate your issue in a site with concrete5 v8.3.2 I opened the dashboard and navigated to System & Setting -> Login and Registration -> Authentication Types.
Once there I see five default Authentication types, 1 concrete, 2 community, 3 facebook, 4 twitter, 5 google. Note that **Auth0** is NOT listed in my screen, and it is not immediately clear from the dashboard as an administrative user how to add another authentication type. As you probably know Auth0 provides amazing single sign on features from multiple vendors, however it appears unsupported in the version of concrete5 I am testing, therefor my first suggestion is separate (for now) and isolate your Auth0 troubleshooting and only work with the Google part of it. For example ignore any Auth0 instructions.
Click on the Google authentication type to bring up the AppID form. At the bottom of the form 'Click here' to obtain keys from Google. After signing in to Google with your Google user account you will be directed to a project screen. If it is not already there create a new project for your website. Click on the project. Then you will have to sign up for Google Cloud Identity services which appear to be an alternative to Auth0.
If what you really want is Auth0, then it looks like what you will need is explained tersely athttps://auth0.com/authenticate/laravel/auth0-oidc/... which requires some concrete5 code customization. Based on issuehttps://github.com/concrete5/concrete5/issues/6729... it looks like this feature might not be available yet, or maybe I am misunderstanding that issue.
I realize that these are not complete instructions as I did not continue elaboration of the Google steps, but I hope it is somewhat helpful.
Once there I see five default Authentication types, 1 concrete, 2 community, 3 facebook, 4 twitter, 5 google. Note that **Auth0** is NOT listed in my screen, and it is not immediately clear from the dashboard as an administrative user how to add another authentication type. As you probably know Auth0 provides amazing single sign on features from multiple vendors, however it appears unsupported in the version of concrete5 I am testing, therefor my first suggestion is separate (for now) and isolate your Auth0 troubleshooting and only work with the Google part of it. For example ignore any Auth0 instructions.
Click on the Google authentication type to bring up the AppID form. At the bottom of the form 'Click here' to obtain keys from Google. After signing in to Google with your Google user account you will be directed to a project screen. If it is not already there create a new project for your website. Click on the project. Then you will have to sign up for Google Cloud Identity services which appear to be an alternative to Auth0.
If what you really want is Auth0, then it looks like what you will need is explained tersely athttps://auth0.com/authenticate/laravel/auth0-oidc/... which requires some concrete5 code customization. Based on issuehttps://github.com/concrete5/concrete5/issues/6729... it looks like this feature might not be available yet, or maybe I am misunderstanding that issue.
I realize that these are not complete instructions as I did not continue elaboration of the Google steps, but I hope it is somewhat helpful.
You say you have authorized your homepage for redirect and the error says the redirect provided, which is not authorized, ishttp://staging.austinquakers.org/ccm/system/authentication/oauth2/g...
And that one, I'm going to guess, is not your homepage.
So you probably need to set the above URL as the authorized one. That being said purely based on what you're describing so I might be wrong.