zulip/docs/oauth.md
Greg Price 909631b5a9 docs/oauth: Update for Google UI changes, and for zulipdev.com.
The control panel on the Google side doesn't seem to match the
instructions we have; it looks pretty 2017 to me, so I imagine
it's had a redesign since the instructions were written.

Also, in dev, EXTERNAL_HOST is now a port on zulipdev.com, not on
localhost.

Update these instructions for those developments, and edit lightly.
In dev, recommend setting in `dev_settings` instead of in
`prod_settings_template`; that feels to me a little more reflective of
the actual intent, and the effect should be equivalent.
2017-11-03 13:38:59 -07:00


# Google & GitHub authentication with OAuth 2
Among the many [authentication methods](prod-authentication-methods.html)
we support, a server can be configured to allow users to sign in with
their Google accounts or GitHub accounts, using the OAuth protocol.
## Testing OAuth in development
Because these authentication methods involve an interaction between
Zulip, an external service, and the user's browser, and particularly
because browsers can (rightly!) be picky about the identity of sites
you interact with, the preferred way to set them up in a development
environment is to configure the real Google and GitHub services to
process auth requests for your development environment.
The steps to do this are a variation of the steps documented in
`prod_settings_template.py`. Here are the full procedures for dev:
### Google
* Visit https://console.developers.google.com and navigate to "APIs &
services" > "Credentials". Create a "Project" which will correspond
to your dev environment.
* Navigate to "APIs & services" > "Library", and find the "Google+
API". Choose "Enable".
* Return to "Credentials", and select "Create credentials". Choose
"OAuth client ID", and follow prompts to create a consent screen, etc.
For "Authorized redirect URIs", fill in
`https://zulipdev.com:9991/accounts/login/google/done/` .
* You should get a client ID and a client secret. Copy them. In
`dev_settings.py`, set `GOOGLE_OAUTH2_CLIENT_ID` to the client ID,
and in `dev-secrets.conf`, set `google_oauth2_client_secret` to the
client secret.
* Uncomment `'zproject.backends.GoogleMobileOauth2Backend'` in
`AUTHENTICATION_BACKENDS` in `dev_settings.py`.
### GitHub
* Register an OAuth2 application with GitHub at one of
https://github.com/settings/developers or
https://github.com/organizations/ORGNAME/settings/developers.
Specify `http://zulipdev.com:9991/complete/github/` as the callback URL.
* You should get a page with settings for your new application,
showing a client ID and a client secret. In `dev_settings.py`, set
`SOCIAL_AUTH_GITHUB_KEY` to the client ID, and in
`dev-secrets.conf`, set `social_auth_github_secret` to the client secret.
* Uncomment `'zproject.backends.GitHubAuthBackend'` in
`AUTHENTICATION_BACKENDS` in `dev_settings.py`.
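
The following check is an added example, not part of Zulip's code or of the original document. It verifies that each provider's client ID is set in the settings file, that its client secret lives only in the secrets file, and that its backend is uncommented. The function name `check_oauth_dev_config`, the `[secrets]` section header, and the sample file contents are assumptions made for illustration.

```python
import configparser
import re

# Constructed sample inputs; every value is a placeholder, not a real credential.
SAMPLE_SETTINGS = '''
GOOGLE_OAUTH2_CLIENT_ID = "EXAMPLE-ID.apps.googleusercontent.com"
SOCIAL_AUTH_GITHUB_KEY = "EXAMPLEGITHUBID"
AUTHENTICATION_BACKENDS = (
    'zproject.backends.GoogleMobileOauth2Backend',
    # 'zproject.backends.GitHubAuthBackend',
)
'''
SAMPLE_SECRETS = '''
[secrets]
google_oauth2_client_secret = EXAMPLE-GOOGLE-SECRET
'''

# provider -> (client ID setting, secrets-file key, backend), as named in the steps above.
PROVIDERS = {
    "google": ("GOOGLE_OAUTH2_CLIENT_ID", "google_oauth2_client_secret",
               "zproject.backends.GoogleMobileOauth2Backend"),
    "github": ("SOCIAL_AUTH_GITHUB_KEY", "social_auth_github_secret",
               "zproject.backends.GitHubAuthBackend"),
}

def check_oauth_dev_config(settings_text, secrets_text):
    """Hypothetical helper: return {provider: [problems]} for the two files' contents."""
    secrets = configparser.RawConfigParser()  # raw: secrets may contain '%'
    secrets.read_string(secrets_text)
    # Assumption: the secrets file keeps its keys under a [secrets] section.
    section = secrets["secrets"] if secrets.has_section("secrets") else {}
    # Drop commented-out lines so a "# '...Backend'" entry counts as disabled.
    active = "\n".join(line for line in settings_text.splitlines()
                       if not line.lstrip().startswith("#"))
    report = {}
    for name, (id_setting, secret_key, backend) in PROVIDERS.items():
        problems = []
        if not re.search(rf"^{id_setting}\s*=\s*['\"].+['\"]", active, re.M):
            problems.append(f"{id_setting} not set in settings")
        if not section.get(secret_key):
            problems.append(f"{secret_key} missing from secrets file")
        if re.search(rf"{secret_key}\s*=", active, re.I):
            problems.append(f"{secret_key} must not appear in settings")
        if backend not in active:
            problems.append(f"{backend} is still commented out")
        report[name] = problems
    return report
```

To check a real dev environment, pass the text of `dev_settings.py` and `dev-secrets.conf` instead of the sample strings.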