2017-11-02 21:05:21 +01:00
# Google & GitHub authentication with OAuth 2

Among the many [authentication methods](../production/authentication-methods.html)
we support, a server can be configured to allow users to sign in with
their Google accounts or GitHub accounts, using the OAuth protocol.

## Testing OAuth in development

Because these authentication methods involve an interaction between
Zulip, an external service, and the user's browser, and particularly
because browsers can (rightly!) be picky about the identity of sites
you interact with, the preferred way to set them up in a development
environment is to set up the real Google and GitHub to process auth
requests for your development environment.

The steps to do this are a variation of the steps documented in
`prod_settings_template.py`. Here are the full procedures for dev:

### Google

* Visit https://console.developers.google.com and navigate to "APIs &
  services" > "Credentials". Create a "Project" which will correspond
  to your dev environment.

* Navigate to "APIs & services" > "Library", and find the "Google+
  API". Choose "Enable".

* Return to "Credentials", and select "Create credentials". Choose
  "OAuth client ID", and follow prompts to create a consent screen, etc.
  For "Authorized redirect URIs", fill in
  `https://zulipdev.com:9991/accounts/login/google/done/`.

* You should get a client ID and a client secret. Copy them. In
  `dev_settings.py`, set `GOOGLE_OAUTH2_CLIENT_ID` to the client ID,
  and in `dev-secrets.conf`, set `google_oauth2_client_secret` to the
  client secret.

* Uncomment `'zproject.backends.GoogleMobileOauth2Backend'` in
  `AUTHENTICATION_BACKENDS` in `dev_settings.py`.

### GitHub

* Register an OAuth2 application with GitHub at one of
  https://github.com/settings/developers or
  https://github.com/organizations/ORGNAME/settings/developers.
  Specify `http://zulipdev.com:9991/complete/github/` as the callback URL.

* You should get a page with settings for your new application,
  showing a client ID and a client secret. In `dev_settings.py`, set
  `SOCIAL_AUTH_GITHUB_KEY` to the client ID, and in
  `dev-secrets.conf`, set `social_auth_github_secret` to the client secret.

* Uncomment `'zproject.backends.GitHubAuthBackend'` in
  `AUTHENTICATION_BACKENDS` in `dev_settings.py`.
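
A preflight check for the two procedures above, as an added example that is not part of the original page or Zulip's own code: it confirms that each enabled backend has its client ID in the settings text and its client secret only in the secrets text. The function name, the `[secrets]` section header and the sample values are assumptions.

```python
import configparser
import re

# Setting names and backend paths are the ones used in the steps above.
PROVIDERS = {
    "google": ("GOOGLE_OAUTH2_CLIENT_ID", "google_oauth2_client_secret",
               "zproject.backends.GoogleMobileOauth2Backend"),
    "github": ("SOCIAL_AUTH_GITHUB_KEY", "social_auth_github_secret",
               "zproject.backends.GitHubAuthBackend"),
}

def check_oauth_dev_config(settings_text, secrets_text):
    """Hypothetical helper: list problems in the two dev config files."""
    # Ignore commented-out lines, so a backend that is still commented is "off".
    active = "\n".join(line for line in settings_text.splitlines()
                       if not line.lstrip().startswith("#"))
    parser = configparser.RawConfigParser()  # Raw: no % interpolation in secrets
    parser.read_string(secrets_text)
    # Assumption: dev-secrets.conf is INI-style with a [secrets] section.
    secrets = dict(parser["secrets"]) if parser.has_section("secrets") else {}
    problems = []
    for name, (id_setting, secret_key, backend) in PROVIDERS.items():
        secret = secrets.get(secret_key, "").strip()
        # The client secret belongs only in the secrets file.
        if secret and secret in settings_text:
            problems.append(f"{name}: client secret appears in settings file")
        if backend not in active:
            continue  # backend not enabled, nothing further to require
        pattern = rf"^{id_setting}\s*=\s*['\"][^'\"]+['\"]"
        if not re.search(pattern, active, re.M):
            problems.append(f"{name}: {id_setting} is not set")
        if not secret:
            problems.append(f"{name}: {secret_key} is missing")
    return problems

# Constructed sample inputs with placeholder values, not real credentials.
SAMPLE_SETTINGS = """
GOOGLE_OAUTH2_CLIENT_ID = 'example-id.apps.googleusercontent.com'
AUTHENTICATION_BACKENDS = (
    'zproject.backends.GoogleMobileOauth2Backend',
    # 'zproject.backends.GitHubAuthBackend',
)
"""
SAMPLE_SECRETS = """
[secrets]
google_oauth2_client_secret = example-google-secret
"""
if __name__ == "__main__":
    print(check_oauth_dev_config(SAMPLE_SETTINGS, SAMPLE_SECRETS))
```

An empty list means every enabled backend has both halves of its credential in the right file.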