Skip to content

Recipe: Use Google Sign-In as OAuth provider

One feature STRATO users love is the single-sign-on (SSO) capability built-in to the platform with OAuth2 Protocol.

This feature allows users to log in with existing credentials (e.g. Google, Microsoft AD) removing the complication of extra usernames and passwords, which is great for both usability and security.

STRATO networks can be configured to use OpenID - the most popular OAuth2 implementation used by Google, Facebook, Microsoft and many others.

This guide will explain how to set up a STRATO network with Google Authorization which allows users to log in with their Google account chooser.

Google OAuth in One Command

On STRATO, OAuth is configured as part of setup. In this guide, we'll use the standard single node setup, but instead of the default ./strato --single launch command, our launch command will end up looking like this:


Get the OAuth Variables

As you can see, there are just a few variables we need to get this up-and-running.

  1. STRATO instance variables: HTTP_PORT and NODE_HOST

  2. HTTP_PORT - use port 8080

  3. NODE_HOST - use the IP address or domain name of your STRATO instance + port from above

    For example, if you're running STRATO locally, the value would be http://localhost:8080 In this example, our STRATO instance is, so our NODE_HOST value is


If you don’t already have a google OAuth 2.0 client, you set one up by following Google's provided instructions.

  • For security, add your STRATO instance's domain as an authorized domain for the OAuth consent screen

    In this example the authorized domain is the top-level domain.

  • To finish the setup, set the authorized redirect as your STRATO instance's IP address/DNS + port + /auth/openidc/return

    In this example the authorized redirect is

Once the client is set up, we'll have our OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET available

Lastly, for our OAUTH_DISCOVERY_URL we'll use the standard google OpenID configuration:


Now that we have all the configuration variables, we can launch STRATO:


Getting an access error? You need a valid STRATO License in order to access the STRATO docker images. If you are getting image not accessible errors then your license is not valid. You can purchase a license here. Once requested, we will contact you shortly to configure your license.

Log in with a Google Account

Once STRATO setup is complete - you will see STRATO has awoken - you can navigate to the page listed - in this example - and login with Google!

Log Out

Log out by clicking the 'Log Out' button.

After logging out, re-navigating to the STRATO instance will return you to the account chooser page.