Google OpenID Auth

Where possible, all services should be set up to use the Google OAuth client. If the service automatically creates accounts and grants permissions when logging in, the service must be behind a Cloudflare Application with the Bypass & Email Auth rules applied

How to get the Client ID and Client Secret

  1. Log into the Google Cloud Console (this link should take you to the 'XFGN and AGG auth' project

  2. On the left, click on Credentials

  3. Click on 'A Gamers Grind / XFGN'

  4. Take note of the Client ID and Client Secret on the right

Enabling OpenID Authentication on a Service

Google, google, google.

Google is your best friend in this scenario, but here are the generic Google OAuth details

Add OAuth / OpenID detials to Application

FieldURL

Client ID

Get from the Cloud Console

Client Secret

Get from the Cloud Console

Authorization URL

Access Token URL

Resource URL

Redirect URL

URL of app (refer to apps documentation)

Username

email (refer to apps documentation)

Scope

openid, email, username, profile (refer to apps documentation

These URLs were current as of 11/06/2023

Add application redirect URL to Google OAuth app

  1. Follow these steps to access the OAuth settings

  2. Add the applications domain to 'Authorized JavaScript origins'

  3. Add the applications redirect URL to 'Authorized redirect URIs'

  4. Click on Save

Test Authentication

Log out of the app and try logging in with your Google account. If you have issues, refer to the applications documentation.

If signing in with a new Google account automatically creates an account, ensure the app is secured behind a Cloudflare Application to reduce the risk of unwanted access

Last updated