archive/phabricator
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Add Google as an OAuth2 provider (BETA)

Browse Source 
Summary:
This is pretty straightforward, except:

  - We need to request read/write access to the address book to get the account
ID (which we MUST have) and real name, email and account name (which we'd like
to have). This is way more access than we should need, but there's apparently no
"get_loggedin_user_basic_information" type of call in the Google API suite (or,
at least, I couldn't find one).
  - We can't get the profile picture or profile URI since there's no Plus API
access and Google users don't have meaningful public pages otherwise.
  - Google doesn't save the fact that you've authorized the app, so every time
you want to login you need to reaffirm that you want to give us silly amounts of
access. Phabricator sessions are pretty long-duration though so this shouldn't
be a major issue.

Test Plan:
  - Registered, logged out, and logged in with Google.
  - Registered, logged out, and logged in with Facebook / Github to make sure I
didn't break anything.
  - Linked / unlinked Google accounts.

Reviewers: Makinde, jungejason, nh, tuomaspelkonen, aran

Reviewed By: aran

CC: aran, epriestley, Makinde

Differential Revision: 916
This commit is contained in:
epriestley
2011-09-08 16:37:22 -07:00
parent 4da43b31a3
commit 1620bce842
12 changed files with 263 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
src/docs/configuration/configuring_accounts_and_registration.diviner
View File

@@ -6,9 +6,9 @@ Describes how to configure user access to Phabricator.
= Overview =
Phabricator supports a number of login systems, like traditional
username/password, Facebook OAuth, and GitHub OAuth. You can enable or disable
these systems to configure who can register for and access your install, and
how users with existing accounts can login.
username/password, Facebook OAuth, GitHub OAuth, and Google OAuth. You can
enable or disable these systems to configure who can register for and access
your install, and how users with existing accounts can login.
By default, only username/password auth is enabled, and there are no valid
accounts. Start by creating a new account with the
@@ -106,6 +106,37 @@ immediately clear how to get there via the UI:
https://github.com/account/applications/
= Configuring Google OAuth =
You can configure Google OAuth to allow login, login and registration, or
nothing (the default).
To configure Google OAuth, create a new Google "API Project":
https://code.google.com/apis/console/
You don't need to enable any **Services**, just go to **API Access**, click
**"Create an OAuth 2.0 client ID..."**, and configure these settings:
- Click **More Options** next to **Authorized Redirect APIs** and add the
full domain (with protocol) plus ##/oauth/google/login/## to the list.
For example, ##https://phabricator.example.com/oauth/google/login/##
- Click **Create Client ID**.
Once you've created a client ID, edit your Phabricator configuration and set
these keys:
- **google.auth-enabled**: set this to ##true##.
- **google.application-id**: set this to your Client ID (from above).
- **google.application-secret**: set this to your Client Secret (from above).
- **google.registration-enabled**: set this to ##true## to let users register
with just Google credentials (this is a very open setting) or ##false## to
prevent users from registering. If set to ##false##, users may still link
existing accounts and use Google to login, they jus can't create new
accounts.
- **google.auth-permanent**: set this to ##true## to prevent unlinking
Phabricator accounts from Google accounts.
= Next Steps =
Continue by: