Recipe: Use Google Sign-In as OAuth provider
One feature STRATO users love is the single sign-on (SSO) capability built into the platform using the OAuth2 protocol.
This feature allows users to log in with existing credentials (e.g. Google, Microsoft AD), removing the complication of extra usernames and passwords, which is great for both usability and security.
This guide explains how to set up a STRATO network with Google authorization, which lets users log in through the Google account chooser.
Google OAuth in One Command
On STRATO, OAuth is configured as part of setup. In this guide, we'll use the standard single node setup, but instead of the default ./strato --single launch command, our launch command will end up looking like this:
HTTP_PORT=8080 NODE_HOST=your.domain.name:8080 OAUTH_ENABLED=true OAUTH_DISCOVERY_URL=YOURDISCURL OAUTH_CLIENT_ID=YOURCLIENTID OAUTH_CLIENT_SECRET=YOURSECRETKEY ./strato --single
Get the OAuth Variables
As you can see, there are just a few variables we need to get this up-and-running.
STRATO instance variables:
HTTP_PORT - use port
NODE_HOST - use the IP address or domain name of your STRATO instance+
For example, if you're running STRATO locally, the value would be http://localhost:8080
In this example, our STRATO instance is oauth-demo.blockapps.net, so our
Variables from Google's OAuth 2.0:
If you don't already have a Google OAuth 2.0 client, you can set one up by following Google's provided instructions.
For security, add your STRATO instance's domain as an authorized domain for the OAuth consent screen.
In this example the authorized domain is the top-level
To finish the setup, set the authorized redirect as your STRATO instance's IP address/DNS+
In this example the authorized redirect is http://oauth-demo.blockapps.net:8080/auth/openidc/return
Once the client is set up, we'll have our
Lastly, for our OAUTH_DISCOVERY_URL we'll use the standard Google OpenID configuration:
Now that we have all the configuration variables, we can launch STRATO:
HTTP_PORT=8080 NODE_HOST=oauth-demo.blockapps.net:8080 OAUTH_ENABLED=true OAUTH_DISCOVERY_URL=https://accounts.google.com/.well-known/openid-configuration OAUTH_CLIENT_ID=YOURCLIENTID OAUTH_CLIENT_SECRET=YOURSECRETKEY ./strato --single
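A pre-flight check for the variables gathered above, as an added example that is not part of the original guide or of STRATO: it rejects leftover placeholders and a non-HTTPS discovery URL, loads the client secret from a file instead of the command line, and prints the redirect URI to register with Google. The function names and the secret-file approach are assumptions; the /auth/openidc/return path and the host:port form of NODE_HOST come from the guide's example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the launch variables in this guide.
# Function names are hypothetical and not part of STRATO.

# Redirect URI to register with Google, built like the guide's example:
# http://<NODE_HOST>/auth/openidc/return (http scheme assumed from it).
strato_redirect_uri() {
    printf 'http://%s/auth/openidc/return\n' "$NODE_HOST"
}

# Load the client secret from a file so it is not typed on the command line,
# where it would land in shell history. Refuses a file that group or other
# users can read.
load_client_secret() {
    [ -f "$1" ] || { echo "no such secret file: $1" >&2; return 1; }
    if [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "$1 is readable by group/other; run chmod 600 on it" >&2
        return 1
    fi
    OAUTH_CLIENT_SECRET=$(cat "$1")
    export OAUTH_CLIENT_SECRET
}

# Returns 0 when the variables are consistent; prints each problem otherwise.
strato_oauth_preflight() {
    rc=0
    case "$OAUTH_DISCOVERY_URL" in
        https://*/.well-known/openid-configuration) ;;
        *) echo "OAUTH_DISCOVERY_URL is not an https discovery URL" >&2; rc=1 ;;
    esac
    case "$OAUTH_CLIENT_ID" in
        ''|YOURCLIENTID) echo "OAUTH_CLIENT_ID unset or placeholder" >&2; rc=1 ;;
    esac
    case "$OAUTH_CLIENT_SECRET" in
        ''|YOURSECRETKEY) echo "OAUTH_CLIENT_SECRET unset or placeholder" >&2; rc=1 ;;
    esac
    # Assumption taken from the guide's commands: NODE_HOST ends in :HTTP_PORT.
    case "$NODE_HOST" in
        ?*:"$HTTP_PORT") [ -n "$HTTP_PORT" ] || { echo "HTTP_PORT unset" >&2; rc=1; } ;;
        *) echo "NODE_HOST does not end in :$HTTP_PORT" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Usage, with the other variables exported and a constructed file path:
#   load_client_secret "$HOME/.strato_oauth_secret" && strato_oauth_preflight \
#     && strato_redirect_uri && ./strato --single
```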
Getting an access error? You need a valid STRATO License in order to access the STRATO Docker images. If you are getting image not accessible errors, then your license is not valid. You can purchase a license here. Once requested, we will contact you shortly to configure your license.
Log in with a Google Account
Once STRATO setup is complete - you will see STRATO has awoken - you can navigate to the page listed - http://oauth-demo.blockapps.net:8080 in this example - and log in with Google!
Log out by clicking the 'Log Out' button.
After logging out, re-navigating to the STRATO instance will return you to the account chooser page.