Prerequisites
You have to assign your Simplifier URL into Google Developer Console and create the client id and secret
For more Information, read the official Google Documentation here.
General Settings
Mechanism settings
The following settings are needed for oAuth Authorization against Google.
| Display Name | The display name is shown on the login button. |
| Client ID | The client ID identifies the application and is defined by the configuration on the OAuth server. |
| Client Secret | The client secret authenticates the application and is defined by the configuration on the OAuth server. |
| Scope |
The scope determines which rights are gained with the access token. E.g. ‘profile’, ’email’, etc. for gaining rights to access the user profile/user email. For full Google Suite Integration we suggest the following scopes: https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/calendar.events https://mail.google.com/ https://www.googleapis.com/auth/contacts https://www.googleapis.com/auth/tasks https://www.googleapis.com/auth/documents
|
| Authorization Endpoint |
The authorization endpoint is the URL to which an authorization request is sent. Recommended Value: https://accounts.google.com/o/oauth2/auth |
| Token Endpoint |
The token endpoint is the URL to which an access token request is sent. Recommended Value: https://oauth2.googleapis.com/token |
| Redirect Endpoint | The redirect endpoint is the URL to which the browser is directed after successful authorization. This URL needs to be entered in the OAuth server configuration. |
| Additional Query Parameters | You can add additional query parameters, such as name and value. |
| Icon | The icon will be displayed on the login mask above the display name. |
| Profile URL |
The URL to which a user profile request is sent. Recommended Value: https://www.googleapis.com/userinfo/v2/me |
| Profile Path | The path which points to the user profile. E.g. ‘/’, ‘profile’, ‘profiles[0]’ etc. |
| Profile Verb | GET, POST, PUT |
User Detail
| First Name | The path which points to the entry of the user profile containing the first name. E.g. ‘givenName’, ‘person/firstName’, etc. |
| Last Name | The path which points to the entry of the user profile containing the last name. E.g. ‘surName’, ‘person/lastName’, etc. |
| E-Mail Address | The path which points to the entry of the user profile containing the email address. E.g. ‘mail’, ’emails[0]/value’, etc. |
| Mobile Phone Number | The path which points to the entry of the user profile containing the mobile phone number. E.g. ‘phone’, ‘phones/mobile’, etc. |
Test
The settings for OAuth 2.0 can be tested within the configuration. Since the test procedure includes several steps, it is necessary to save the settings first.
The assignment of an access token can be tested by pressing the ‘Test authentication’ button, while pressing the ‘Test profile extraction’ button initiates the complete OAuth 2.0 procedure, which assigns an access token and also collects a user profile with the required data.
Setup Single-Sign-On for Connector / Integration
If you have successfully authenticated against you external identity provider, you can setup your connector endpoints for passing through the oAuth Token.
