Google Sign in usage: Difference between revisions

Latest revision as of 16:47, 8 January 2026

Enable users to log into VoIPmonitor GUI using their Google accounts via OAuth 2.0.

Overview

Google Sign-In maps a user's Google email to a VoIPmonitor profile to assign permissions. The matching logic:

Direct Email Match: Username matches the Google email exactly.
Secure Users List: Email found in "Gmail emails" field under user's "Secure users" tab.
Default Fallback: User marked as "Default Google Sign-In email" receives all unmatched logins.

Configuration

Step 1: Create Google OAuth Credentials

Go to Google Cloud Console > APIs & Credentials
Click + CREATE CREDENTIALS → OAuth client ID
Configure:
- Application type: Web application
- Name: e.g., "VoIPmonitor GUI Login"
- Authorized JavaScript origins: Your GUI URL (e.g., https://voipmonitor.example.com)
- Authorized redirect URIs: Same as above (optional but recommended)
Copy the generated Client ID

⚠️ Warning: The Authorized JavaScript origins URL must exactly match your GUI URL, including https://. This is the most common cause of login failures.

Step 2: Configure VoIPmonitor GUI

Navigate to Settings → System Configuration → Authentication:

Option	Value	Description
Enable Google Sign in	Yes	Activates the feature
Google client ID	your-client-id	From Google Cloud Console
Don't display local login form	Yes/No	Hides username/password form (optional)
Don't display Google Sign in button	Yes/No	Temporarily hides Google button (optional)

Step 3: Map Users

Ensure users exist in Settings → Users with one of:

Username matching Google email exactly
Google email added to user's Secure users tab → "Gmail emails" field
One user designated as Default Google Sign-In email (Basic data tab)

Troubleshooting

Problem	Cause	Solution
Blank window after clicking Sign-In	Incorrect "Authorized JavaScript origins" in Google Console	Verify URL matches exactly, including `https://`
Unable to log in or set password	Account configuration issues (common with Cloud Trial)	Create a new user account instead
SSO fails behind reverse proxy (AWS ALB, Nginx)	Proxy terminates SSL, GUI sees HTTP	Add header: `proxy_set_header X-Forwarded-Proto $scheme;`
Redirect loops	Missing protocol header behind proxy	See Nginx for complete proxy configuration

Advanced: Custom Login Scripts

Google Sign-In works with custom login scripts:

VoIPmonitor passes the authenticated email to your script
Script must return JSON per Custom Login API
GUI-defined users take precedence over script-authenticated users

AI Summary for RAG

Summary: Guide for integrating Google Sign-In (OAuth 2.0) with VoIPmonitor GUI. User mapping uses three methods: (1) direct email match, (2) "Secure users" Gmail list, (3) default fallback user. Configuration requires creating OAuth client ID in Google Cloud Console with correct "Authorized JavaScript origins" URL (must match exactly including https://), then enabling in GUI under Settings → System Configuration → Authentication. Common issues: blank window (URL mismatch), SSO failures behind reverse proxy (add X-Forwarded-Proto header).

Keywords: google sign-in, oauth, oauth2, login, authentication, sso, single sign-on, client id, google cloud console, authorized javascript origins, user mapping, secure users, default fallback user, gmail, reverse proxy, X-Forwarded-Proto, AWS ALB, redirect loop, nginx proxy

Key Questions:

How do I enable Google Sign-In for VoIPmonitor GUI?
How do I create an OAuth client ID in Google Cloud Console?
Where do I configure the Google Client ID in VoIPmonitor?
Why do I see a blank window after clicking "Sign in with Google"?
How does VoIPmonitor map a Google email to a user profile?
What are the three methods for mapping Google users to VoIPmonitor profiles?
Can I use Google Sign-In with a custom login script?
What is the "Authorized JavaScript origins" setting and why is it important?
Why does Google Sign-In fail behind a reverse proxy or AWS ALB?
How do I fix redirect loops with Google Sign-In behind Nginx?

@@ Line 1: / Line 1: @@
+{{DISPLAYTITLE:How to Set Up Google Sign-In (OAuth)}}
+'''Enable users to log into VoIPmonitor GUI using their Google accounts via OAuth 2.0.'''
+== Overview ==
+Google Sign-In maps a user's Google email to a VoIPmonitor profile to assign permissions. The matching logic:
+# '''Direct Email Match:''' Username matches the Google email exactly.
+# '''Secure Users List:''' Email found in "Gmail emails" field under user's "Secure users" tab.
+# '''Default Fallback:''' User marked as "Default Google Sign-In email" receives all unmatched logins.
+<kroki lang="mermaid">
+%%{init: {'flowchart': {'nodeSpacing': 15, 'rankSpacing': 40}}}%%
+flowchart TD
+    A[User clicks Google Sign-In] --> B[Google OAuth]
+    B --> C{Direct Email Match?}
+    C -->|Yes| D[Use matched user]
+    C -->|No| E{In Secure Users list?}
+    E -->|Yes| F[Use that profile]
+    E -->|No| G{Default user exists?}
+    G -->|Yes| H[Use default user]
+    G -->|No| I[Login denied]
+</kroki>
 == Configuration ==
-* it's disabled by default
+=== Step 1: Create Google OAuth Credentials ===
+# Go to [https://console.cloud.google.com/apis/credentials Google Cloud Console > APIs & Credentials]
+# Click '''+ CREATE CREDENTIALS''' → '''OAuth client ID'''
+# Configure:
+#* '''Application type:''' Web application
+#* '''Name:''' e.g., "VoIPmonitor GUI Login"
+#* '''Authorized JavaScript origins:''' Your GUI URL (e.g., <code>https://voipmonitor.example.com</code>)
+#* '''Authorized redirect URIs:''' Same as above (optional but recommended)
+# Copy the generated '''Client ID'''
+{{Warning|1=The '''Authorized JavaScript origins''' URL must exactly match your GUI URL, including <code>https://</code>. This is the most common cause of login failures.}}
+=== Step 2: Configure VoIPmonitor GUI ===
+Navigate to '''Settings → System Configuration → Authentication''':
+{| class="wikitable"
+! Option !! Value !! Description
+|-
+| Enable Google Sign in || Yes || Activates the feature
+|-
+| Google client ID || ''your-client-id'' || From Google Cloud Console
+|-
+| Don't display local login form || Yes/No || Hides username/password form (optional)
+|-
+| Don't display Google Sign in button || Yes/No || Temporarily hides Google button (optional)
+|}
+=== Step 3: Map Users ===
+Ensure users exist in '''Settings → Users''' with one of:
+* Username matching Google email exactly
+* Google email added to user's '''Secure users''' tab → "Gmail emails" field
+* One user designated as '''Default Google Sign-In email''' (Basic data tab)
+== Troubleshooting ==
+{| class="wikitable"
+! Problem !! Cause !! Solution
+|-
+| '''Blank window after clicking Sign-In''' || Incorrect "Authorized JavaScript origins" in Google Console || Verify URL matches exactly, including <code>https://</code>
+|-
+| '''Unable to log in or set password''' || Account configuration issues (common with Cloud Trial) || Create a new user account instead
+|-
+| '''SSO fails behind reverse proxy''' (AWS ALB, Nginx) || Proxy terminates SSL, GUI sees HTTP || Add header: <code>proxy_set_header X-Forwarded-Proto $scheme;</code>
+|-
+| '''Redirect loops''' || Missing protocol header behind proxy || See [[Nginx]] for complete proxy configuration
+|}
+== Advanced: Custom Login Scripts ==
+Google Sign-In works with custom login scripts:
+* VoIPmonitor passes the authenticated email to your script
+* Script must return JSON per [[WEB_API#Custom_Login|Custom Login API]]
+* GUI-defined users take precedence over script-authenticated users
+== See Also ==
-* you can enable it in the 'Settings->System configuration->Enable Google Sign in' with Voipmonitor's OAuth2.0 client ID as a default. So you can use it if you will use the name 'gauthgui.voipmonitor.org' as a hostname in your webserver. (it's allowed Authorized JavaScript origins hostname)
+* [[Microsoft_Sign_in_usage]] - Microsoft Entra ID / Azure AD integration
+* [[2FA]] - Two-factor authentication
+* [[WEB_API#Custom_Login]] - Custom login scripts (LDAP, etc.)
+* [[User_Management]] - User account management
-* the client ID can be changed in the 'Settings->System configuration->Google client ID for Google Sign in'
+== AI Summary for RAG ==
-* the G button can be disabled in the 'Settings->System configuration->Don't display Google Sign in button'
+'''Summary:''' Guide for integrating Google Sign-In (OAuth 2.0) with VoIPmonitor GUI. User mapping uses three methods: (1) direct email match, (2) "Secure users" Gmail list, (3) default fallback user. Configuration requires creating OAuth client ID in Google Cloud Console with correct "Authorized JavaScript origins" URL (must match exactly including https://), then enabling in GUI under Settings → System Configuration → Authentication. Common issues: blank window (URL mismatch), SSO failures behind reverse proxy (add X-Forwarded-Proto header).
-* the Google account's email is used as a key in GUI's user list. So you need to create users in the GUI with the appropriate email and to use the 'Google Sign in' as an authorization engine. The user's permissions are used from the GUI's user setting.
+'''Keywords:''' google sign-in, oauth, oauth2, login, authentication, sso, single sign-on, client id, google cloud console, authorized javascript origins, user mapping, secure users, default fallback user, gmail, reverse proxy, X-Forwarded-Proto, AWS ALB, redirect loop, nginx proxy
-== Usage ==
+'''Key Questions:'''
+* How do I enable Google Sign-In for VoIPmonitor GUI?
+* How do I create an OAuth client ID in Google Cloud Console?
+* Where do I configure the Google Client ID in VoIPmonitor?
+* Why do I see a blank window after clicking "Sign in with Google"?
+* How does VoIPmonitor map a Google email to a user profile?
+* What are the three methods for mapping Google users to VoIPmonitor profiles?
+* Can I use Google Sign-In with a custom login script?
+* What is the "Authorized JavaScript origins" setting and why is it important?
+* Why does Google Sign-In fail behind a reverse proxy or AWS ALB?
+* How do I fix redirect loops with Google Sign-In behind Nginx?
-* click on the G button an do auth
+[[Category:Authentication]]
+[[Category:Configuration]]
+[[Category:GUI]]