keycloak-scim/docbook/auth-server-docs/reference/en/en-US/modules/social-google.xml

67 lines
3.6 KiB
XML
Raw Normal View History

2016-02-03 10:20:22 +00:00
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<section id="social-google">
<title>Google</title>
<para>
To enable login with Google you first have to create a project and a client in the
<ulink url="https://cloud.google.com/console/project">Google Developer Console</ulink>. Then you need to copy
the client id and secret into the Keycloak Admin Console.
</para>
<orderedlist>
<listitem>
<para>
Log in to the <ulink url="https://cloud.google.com/console/project">Google Developer Console</ulink>. Click the
<literal>Create Project</literal> button. Use any value for <literal>Project name</literal> and
<literal>Project ID</literal> you want, then click the <literal>Create</literal> button. Wait for the project to
be created (this may take a while).
</para>
</listitem>
<listitem>
<para>
Once the project has been created click on <literal>APIs &amp; auth</literal> in sidebar on the left. To retrieve
user profiles the <literal>Google+ API</literal> has to be enabled. Scroll down to find it in the list. If its
status is <literal>OFF</literal>, click on <literal>OFF</literal> to enable it (it should move to the top of
the list and the status should be <literal>ON</literal>).
</para>
</listitem>
2014-09-08 13:07:51 +00:00
<listitem>
<para>
Now click on the <literal>Consent screen</literal> link on the sidebar menu on the left. You must specify
a project name and choose an email for the consent screen. Otherwise users will get a login error. There's
other things you can configure here like what the consent screen looks like. Feel free to play around with this.
</para>
</listitem>
<listitem>
<para>
Now click <literal>Credentials</literal> in the sidebar on the left. Then click
<literal>Create New Client ID</literal>. Select <literal>Web application</literal> as
<literal>Application type</literal>. Empty the <literal>Authorized Javascript origins</literal> textarea. In
<literal>Authorized redirect URI</literal> enter the <link linkend="social-callbackurl">social callback url</link>
for your realm. Click the <literal>Create Client ID</literal> button.
</para>
</listitem>
<listitem>
<para>
Copy <literal>Client ID</literal> and <literal>Client secret</literal> from the
<ulink url="https://cloud.google.com/console/project">Google Developer Console</ulink> into the settings
page in the Keycloak Admin Console as the <literal>Key</literal> and <literal>Secret</literal>. Then click
<literal>Save</literal> in the Keycloak Admin Console to enable login with Google.
</para>
</listitem>
</orderedlist>
</section>