Skip to content

Sign In Using Google Authorization

One feature STRATO users love is the single-sign-on (SSO) capability built-in to the platform with OAuth.

This feature allows users to log in with existing credentials (e.g. Google, Microsoft AD) removing the complication of extra usernames and passwords, which is great for both usability and security.

STRATO networks can be configured to use OpenID - the most popular OAuth2 implementation used by Google, Facebook, Microsoft and many others.

This guide will explain how to set up a STRATO network with Google Authorization which allows users to log in with their Google account chooser.

Google OAuth in one command

On STRATO, OAuth is configured as part of setup. In this guide, we'll use the standard single node setup, but instead of the default ./strato --single launch command, our launch command will end up looking like this:

HTTP_PORT=8080 NODE_HOST=your.domain.name:8080 OAUTH_ENABLED=true OAUTH_DISCOVERY_URL=YOURDISCURL OAUTH_CLIENT_ID=YOURCLIENTID OAUTH_CLIENT_SECRET=YOURSECRETKEY ./strato --single

Get the OAuth Variables

As you can see, there are just a few variables we need to get this up-and-running.

  1. STRATO instance variables: HTTP_PORT and NODE_HOST

    • HTTP_PORT - use port 8080
    • NODE_HOST - use the IP address or domain name of your STRATO instance + port from above

      For example, if you're running STRATO locally, the value would be http://localhost:8080 In this example, our STRATO instance is oauth-demo.blockapps.net, so our NODE_HOST value is oauth-demo.blockapps.net:8080

  2. Variables from Googles OAuth 2.0: OAUTH_DISCOVERY_URL, OAUTH_CLIENT_ID, and OAUTH_CLIENT_SECRET

    If you don’t already have a google OAuth 2.0 client, you set one up by following Google's provided instructions.

    • For security, add your STRATO instance's domain as an authorized domain for the OAuth consent screen

      In this example the authorized domain is the top-level blockapps.net domain.

    • To finish the setup, set the authorized redirect as your STRATO instance's IP address/DNS + port + /auth/openidc/return

      In this example the authorized redirect is http://oauth-demo.blockapps.net:8080/auth/openidc/return

    Once the client is set up, we'll have our OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET available

    Lastly, for our OAUTH_DISCOVERY_URL we'll use the standard google OpenID configuration: https://accounts.google.com/.well-known/openid-configuration.

Launch STRATO

Now that we have all the configuration variables, we can launch STRATO:

HTTP_PORT=8080 NODE_HOST=oauth-demo.blockapps.net:8080 OAUTH_ENABLED=true OAUTH_DISCOVERY_URL=https://accounts.google.com/.well-known/openid-configuration OAUTH_CLIENT_ID=YOURCLIENTID OAUTH_CLIENT_SECRET=YOURSECRETKEY ./strato --single

Getting an access error? You need a valid STRATO License in order to access the STRATO docker images. If you are getting image not accessible errors then your license is not valid. You can purchase a license here. Once requested, we will contact you shortly to configure your license.

Log in with a Google Account

Once STRATO setup is complete - you will see STRATO has awoken - you can navigate to the page listed - http://oauth-demo.blockapps.net:8080 in this example - and login with Google!

Logging Out

Log out by clicking the 'Log Out' button.

After logging out, re-navigating to the STRATO instance will return you to the account chooser page.