Internal Documentation
Status
  • πŸ‘‹Welcome
    • πŸ—‚οΈWhat is this?
    • πŸ•Quick Start
    • πŸ’ΈBilling
  • πŸ—ƒοΈExternal Links
    • πŸ—„οΈPublic Documentation
    • πŸ“‹Private GitHub
    • πŸ“‹Public GitHub
    • πŸ—»NetData
    • πŸ“ŠTrello
    • πŸ•°οΈService Monitoring
  • πŸ“Policies
    • Authentication, Access and Accounts
    • Issue and Project Tracking
    • Creation and Managment of Servers or Services
    • Monitoring and Alerting
    • External Access to Systems
    • Management of Documentation
  • πŸ“‹Processes
    • ❔Deploy new Container Stack
    • Limit Bandwidth to Container
    • ❔Create new Virtual Machine
    • Disaster Recovery
    • Port Forwarding or Tunneling a Service
    • Crowdsec Modules
    • Internal IP Range Change
    • SSH Keys
    • Increase Disk on VM
    • Add Wireguard Client
    • ❔New Domain
    • DNS Management
  • πŸ—ΊοΈService Overviews
    • Websites
    • Portainer and GitOps
    • Content Creation
      • Davinci Resolve Server
    • Plex Suite
      • Tdarr
      • Maintainerr
      • Dashdot
      • Overseerr
      • Bazarr
      • Wizarr
      • Plex
      • Tautulli
      • MovieMatch
      • Prowlarr
      • Radarr
      • Sonarr
      • Lidarr
      • FlareSolverr
      • qBittorrent
      • SabNZBD
      • Huntarr
    • Pterodactyl
    • Home Automation & Physical Security
      • Google Assistant
      • Tuya Cloud
      • Home Assistant
    • Infrastructure
      • ❔Cloudflare
      • NextDNS
      • UniFi
      • Synology NAS
      • Proxmox VE
      • Vultr
      • ❔CyberPower PowerPanel & UPS
    • Maintenance & Monitoring
      • AutoHeal
      • Proxmox Backup Server
      • Duplicati
      • Google Drive Sync
      • Ansible
      • UptimeKuma
      • NetData
      • NetbootXYZ
    • Security
      • Bitwarden
      • Google OpenID Auth
      • Wazuh
      • CrowdSec
    • Remote Access
      • Cloudflare Zero Trust
      • ❔UniFi - Wireguard
      • Kasm
    • Other Adhoc Apps
      • ISponsorBlockTV
      • Homebox
      • ❔Hosted Discord Bots
      • LibreChat
      • Imgur
      • Morphos
      • Zapier
      • EpicGames Free Games
      • GitBook
      • Trello
      • StirlingPDF
      • ❔MeTube
    • ❔OpenAI
  • πŸ–₯️Physical Hardware
    • Macaroni
    • Fettuccine
    • Linguine
    • UniFi
  • ‼️Troubleshooting
    • An Introduction...
    • UptimeKuma alerts
    • Portainer
    • Pterodactyl
  • πŸ“–-- Administration --
    • πŸ“ŽGitbook Templates
      • Guide - Root Page
      • Guide - New Docker App
      • Hardware Overview
      • App Overview - Externally Hosted
      • App Overview - Container
      • Miniguide - Compose
      • App Overview - Hosted Discord Bot
Powered by GitBook
On this page
  • How to get the Client ID and Client Secret
  • Enabling OpenID Authentication on a Service
  • Add OAuth / OpenID detials to Application
  • Add application redirect URL to Google OAuth app
  • Test Authentication

Was this helpful?

  1. Service Overviews
  2. Security

Google OpenID Auth

PreviousBitwardenNextWazuh

Last updated 1 year ago

Was this helpful?

Where possible, all services should be set up to use the Google OAuth client. If the service automatically creates accounts and grants permissions when logging in, the service must be behind a Cloudflare Application with the applied

How to get the Client ID and Client Secret

  1. Log into the (this link should take you to the 'XFGN and AGG auth' project

  2. On the left, click on Credentials

  3. Click on 'A Gamers Grind / XFGN'

  4. Take note of the Client ID and Client Secret on the right

Enabling OpenID Authentication on a Service

Google, google, google.

Google is your best friend in this scenario, but here are the generic Google OAuth details

Add OAuth / OpenID detials to Application

Field
URL

Client ID

Get from the Cloud Console

Client Secret

Get from the Cloud Console

Authorization URL

Access Token URL

Resource URL

Redirect URL

URL of app (refer to apps documentation)

Username

email (refer to apps documentation)

Scope

openid, email, username, profile (refer to apps documentation

These URLs were current as of 11/06/2023

Add application redirect URL to Google OAuth app

  1. Add the applications domain to 'Authorized JavaScript origins'

  2. Add the applications redirect URL to 'Authorized redirect URIs'

  3. Click on Save

Test Authentication

Log out of the app and try logging in with your Google account. If you have issues, refer to the applications documentation.

If signing in with a new Google account automatically creates an account, ensure the app is secured behind a Cloudflare Application to reduce the risk of unwanted access

Follow to access the OAuth settings

πŸ—ΊοΈ
these steps
https://accounts.google.com/o/oauth2/auth
https://accounts.google.com/o/oauth2/token
https://www.googleapis.com/oauth2/v1/userinfo?alt=json
Google Cloud Console
Bypass & Email Auth rules