Google OpenID Auth
Where possible, all services should be set up to use the Google OAuth client. If the service automatically creates accounts and grants permissions when a user logs in, the service must be behind a Cloudflare Application with the Bypass & Email Auth rules applied.
How to get the Client ID and Client Secret
Log into the Google Cloud Console (this link should take you to the 'XFGN and AGG auth' project)
On the left, click on Credentials
Click on 'A Gamers Grind / XFGN'
Take note of the Client ID and Client Secret on the right
Enabling OpenID Authentication on a Service
Google, google, google.
Google is your best friend in this scenario, but here are the generic Google OAuth details.
Add OAuth / OpenID details to Application
Field | URL |
---|---|
Client ID | Get from the Cloud Console |
Client Secret | Get from the Cloud Console |
Authorization URL | |
Access Token URL | |
Resource URL | |
Redirect URL | URL of app (refer to the app's documentation) |
Username | email (refer to the app's documentation) |
Scope | openid, email, username, profile (refer to the app's documentation) |
These URLs were current as of 11/06/2023
Add application redirect URL to Google OAuth app
Follow these steps to access the OAuth settings
Add the application's domain to 'Authorized JavaScript origins'
Add the application's redirect URL to 'Authorized redirect URIs'
Click on Save
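Before pasting values into the two fields above, the origin and redirect URI can be derived and sanity-checked from the app's callback URL. This is an added example, not part of the original procedure; the function name and the example.com hostnames are made up, and the checks cover only a subset of Google's published validation rules for web-application clients.

```python
import ipaddress
from urllib.parse import urlsplit

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}  # exempt from the https / raw-IP rules


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def google_oauth_entries(redirect_url: str) -> dict:
    """Return the values to register for one app callback URL, or raise ValueError."""
    parts = urlsplit(redirect_url)
    host = parts.hostname or ""
    problems = []
    if parts.scheme not in ("http", "https") or not host:
        raise ValueError(f"{redirect_url!r}: not an absolute http(s) URL")
    if parts.scheme == "http" and host not in LOCAL_HOSTS:
        problems.append("plain http is only accepted for localhost")
    if parts.username or parts.password:
        problems.append("userinfo (user:pass@) is not allowed")
    if "#" in redirect_url:
        problems.append("fragments are not allowed")
    if "*" in redirect_url:
        problems.append("wildcards are not allowed")
    if "/.." in parts.path:
        problems.append("path traversal is not allowed")
    if host not in LOCAL_HOSTS and _is_ip(host):
        problems.append("raw IP hosts are not allowed")
    if problems:
        raise ValueError(f"{redirect_url!r}: " + "; ".join(problems))
    # An origin is scheme + host (+ non-default port): no path, no trailing slash.
    default_port = {"http": 80, "https": 443}[parts.scheme]
    netloc = f"[{host}]" if ":" in host else host
    if parts.port not in (None, default_port):
        netloc += f":{parts.port}"
    return {
        "javascript_origin": f"{parts.scheme}://{netloc}",  # 'Authorized JavaScript origins'
        "redirect_uri": redirect_url,                       # 'Authorized redirect URIs' (exact match)
    }


if __name__ == "__main__":
    # Constructed sample callback URL, not a real service.
    print(google_oauth_entries("https://wiki.example.com/oauth/callback"))
```

The redirect URI is matched exactly, so register the callback path the app actually uses, as given in the app's documentation.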
Test Authentication
Log out of the app and try logging in with your Google account. If you have issues, refer to the application's documentation.
If signing in with a new Google account automatically creates an account, ensure the app is secured behind a Cloudflare Application to reduce the risk of unwanted access.