mirror of https://github.com/zulip/zulip.git
55 lines
2.2 KiB
Markdown
55 lines
2.2 KiB
Markdown
# Google & GitHub authentication with OAuth 2
|
|
|
|
Among the many [authentication methods](prod-authentication-methods.html)
|
|
we support, a server can be configured to allow users to sign in with
|
|
their Google accounts or GitHub accounts, using the OAuth protocol.
|
|
|
|
## Testing OAuth in development
|
|
|
|
Because these authentication methods involve an interaction between
|
|
Zulip, an external service, and the user's browser, and particularly
|
|
because browsers can (rightly!) be picky about the identity of sites
|
|
you interact with, the preferred way to set them up in a development
|
|
environment is to set up the real Google and GitHub to process auth
|
|
requests for your development environment.
|
|
|
|
The steps to do this are a variation of the steps documented in
|
|
`prod_settings_template.py`. Here are the full procedures for dev:
|
|
|
|
### Google
|
|
|
|
* Visit https://console.developers.google.com and navigate to "APIs &
|
|
services" > "Credentials". Create a "Project" which will correspond
|
|
to your dev environment.
|
|
|
|
* Navigate to "APIs & services" > "Library", and find the "Google+
|
|
API". Choose "Enable".
|
|
|
|
* Return to "Credentials", and select "Create credentials". Choose
|
|
"OAuth client ID", and follow prompts to create a consent screen, etc.
|
|
For "Authorized redirect URIs", fill in
|
|
`https://zulipdev.com:9991/accounts/login/google/done/` .
|
|
|
|
* You should get a client ID and a client secret. Copy them. In
|
|
`dev_settings.py`, set `GOOGLE_OAUTH2_CLIENT_ID` to the client ID,
|
|
and in `dev-secrets.conf`, set `google_oauth2_client_secret` to the
|
|
client secret.
|
|
|
|
* Uncomment `'zproject.backends.GoogleMobileOauth2Backend'` in
|
|
`AUTHENTICATION_BACKENDS` in `dev_settings.py`.
|
|
|
|
### GitHub
|
|
|
|
* Register an OAuth2 application with GitHub at one of
|
|
https://github.com/settings/developers or
|
|
https://github.com/organizations/ORGNAME/settings/developers.
|
|
Specify `http://zulipdev.com:9991/complete/github/` as the callback URL.
|
|
|
|
* You should get a page with settings for your new application,
|
|
showing a client ID and a client secret. In `dev_settings.py`, set
|
|
`SOCIAL_AUTH_GITHUB_KEY` to the client ID, and in
|
|
`dev-secrets.conf`, set `social_auth_github_secret` to the client secret.
|
|
|
|
* Uncomment `'zproject.backends.GitHubAuthBackend'` in
|
|
`AUTHENTICATION_BACKENDS` in `dev_settings.py`.
|