Google Sign in usage: Difference between revisions

From VoIPmonitor.org
Jump to navigation Jump to search
No edit summary
No edit summary
 
Line 1: Line 1:
== Configuration ==
{{DISPLAYTITLE:How to Set Up Google Sign-In (OAuth)}}


* it's disabled by default
'''This guide provides a complete, step-by-step tutorial for enabling users to log into the VoIPmonitor GUI using their Google accounts via the OAuth 2.0 protocol.'''


* you can enable it in the 'Settings->System configuration->Enable Google Sign in' with Voipmonitor's OAuth2.0 client ID as a default.
== Overview: What is Google Sign-In? ==
Integrating Google Sign-In provides a convenient and secure way for your users to access the VoIPmonitor GUI. Instead of creating and remembering a separate password for VoIPmonitor, they can use their existing, trusted Google account.


* the client ID can be changed in the 'Settings->System configuration->Google client ID for Google Sign in'
The process works by linking a user's Google email address to a user profile inside VoIPmonitor. When a user authenticates with Google, VoIPmonitor uses their email address to find their corresponding profile and apply the correct permissions.


* the G button can be disabled in the 'Settings->System configuration->Don't display Google Sign in button'
=== How User Permissions Are Assigned ===
VoIPmonitor uses the following logic to map a logged-in Google user to a GUI profile:
#'''Direct Email Match:''' First, it checks if a user exists in the GUI whose username is an exact match for the Google email address.
#'''Secure Users List:''' If no direct match is found, it checks the "Gmail emails" list under the "Secure users" tab of '''all''' user profiles. If a match is found, the permissions of that profile are used. This allows multiple Google accounts to be mapped to a single VoIPmonitor profile.
#'''Default Fallback User:''' If still no match is found, it checks if any user has been designated as the "Default Google Sign-In email" account. If so, all unmatched Google users will inherit the permissions of this default profile.


* the Google account's email is used as a key in GUI's user list. So you need to create users in the GUI with the appropriate email and to use the 'Google Sign in' as an authorization engine. The user's permissions are used from the GUI's user setting.
== Part 1: Creating Google OAuth 2.0 Credentials ==
Before you can enable this feature in VoIPmonitor, you must create your own "OAuth client ID" within the Google Cloud Platform console.


* From the GUI 25.3 is possible to add one or more Google emails into Users -> 'secure users' tab -> Gmail emails. If Google email (returned from auth) is found in this entry then permissions of this user are used.
;Step 1: Go to the Google Cloud Console
:Navigate to [https://console.cloud.google.com/apis/credentials https://console.cloud.google.com/apis/credentials].


* Next is possible to set one user account as 'Default Google Sign email'. If set then all non-matched Google email will use these account's permissions.
;Step 2: Create New Credentials
:Click '''+ CREATE CREDENTIALS''' at the top of the page and select '''OAuth client ID'''.


== Usage ==
;Step 3: Configure the OAuth Client ID
:* '''Application type:''' Select '''Web application'''.
:* '''Name:''' Give it a descriptive name, like "VoIPmonitor GUI Login".
:* '''Authorized JavaScript origins:''' This is a '''critical''' step. You must add the full URL of your VoIPmonitor GUI here. For example, `https://voipmonitor.example.com`. Note that Google requires these URLs to use '''HTTPS'''.
:* '''Authorized redirect URIs:''' This can often be left blank, but for best practice, you should add the URL of your GUI's login page.


* click on the G button an do auth
;Step 4: Get Your Client ID
:After creation, a pop-up will display your '''Client ID'''. It will look something like `1234567890-abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com`. Copy this value; you will need it in the next part.


== Own credential (the fast way how to create own credential) ==
;Step 5: Configure the OAuth Consent Screen
:You may be prompted to configure the "OAuth consent screen." This is the page your users will see when they first authorize the application. You only need to fill in the basic required information, such as an application name and user support email.


* Your own credentials will you create via https://console.developers.google.com (It supposes you can use the developer console)
== Part 2: Configuring VoIPmonitor ==
With your Google Client ID in hand, you can now enable and configure the integration in the GUI.


* API & Service -> credential -> create new credential -> type 'OAuth client ID' -> web application: here you get your client_id which you enter into the GUI.
;Step 1: Enable Google Sign-In
:Navigate to '''Settings -> System Configuration -> Authentication'''.
:* Find the option '''Enable Google Sign in''' and set it to '''Yes'''.


* Edit this new credential: Restriction -> Authorized JavaScript origins : set allowed URLs  (now allowed only https:// URLs !!!)
;Step 2: Enter Your Client ID
:* Find the option '''Google client ID for Google Sign in'''.
:* Paste the Client ID you obtained from the Google Cloud Console into this field. If you leave it blank, VoIPmonitor will use a default, shared client ID, but it is '''highly recommended''' to use your own.


* Return to the API -> credentials -> OAuth consent screen : set 'Application type' and 'Authorized domains' (not needed in latest Google console settings)
;Step 3: (Optional) Hide the Login Button
:* If you want to ''only'' allow Google login and hide the standard username/password form, you can set '''Don't display local login form''' to '''Yes'''.
:* The '''Don't display Google Sign in button''' option allows you to hide the "G" button if you need to temporarily disable the feature without losing your settings.


;Step 4: Create User Mappings
:Ensure that user accounts exist in '''Settings -> Users''' with usernames that match the Google email addresses of the users who will be logging in, or use the "Secure users" or "Default" mapping methods described in the overview.


That's all. After that logout from all your services logged with google account a re-login.
== Troubleshooting ==
;Problem: After clicking the "Sign in with Google" button, a blank window or pop-up appears and nothing happens.
:* '''Cause:''' This is almost always caused by an incorrect configuration of the '''Authorized JavaScript origins''' in your Google Cloud Console credentials.
:* '''Solution:''' Go back to your OAuth client ID settings in the Google Cloud Console and ensure that the URL you entered exactly matches the URL of your VoIPmonitor GUI, including the `https://` prefix.


(Of course don't forget to enable the GAuth in the GUI).
== Advanced Usage: Custom Login Scripts ==
The Google Sign-In feature is compatible with custom login scripts.
* When a user authenticates, VoIPmonitor will pass the user's email address to your custom script.
* Your script must then perform its logic and return a JSON structure as described in the [[WEB_API#Custom_Login|Custom Login API documentation]].
* Note that users defined directly within the VoIPmonitor GUI will always take precedence over users authenticated via a custom login script.


== Problems solving ==
== AI Summary for RAG ==
* If a blank window opens instead of a GUI login
'''Summary:''' This guide provides a complete tutorial on integrating Google Sign-In with the VoIPmonitor GUI using OAuth 2.0. It explains how the feature works by mapping a user's Google email to an internal GUI user profile to assign permissions, detailing the three matching methods (direct email, "Secure users" list, and default fallback user). The guide is structured into two main parts. Part 1 provides a step-by-step process for creating an "OAuth client ID" in the Google Cloud Platform console, emphasizing the critical importance of correctly configuring the "Authorized JavaScript origins." Part 2 details the configuration within the VoIPmonitor GUI under "Settings -> System Configuration," including enabling the feature and entering the custom Google Client ID. It also includes a troubleshooting section for common problems like a blank login window and notes on integration with custom login scripts.
(take care on settings of "Authorised JavaScript origins" field in GCloud)
'''Keywords:''' google sign-in, oauth, oauth2, login, authentication, google login, sso, single sign-on, api, credentials, client id, google cloud console, authorized javascript origins, user mapping, custom login
 
'''Key Questions:'''
== Usage with custom login script ==
* How can I enable users to log in with their Google account?
 
* What is Google OAuth 2.0 and how does it work with VoIPmonitor?
* it's working
* How do I create an OAuth client ID in the Google Cloud Console?
* the email returned from Google is passed to the custom login script. And your script must return the structure as described in [[WEB_API#Custom_Login]]
* Where do I configure the Google Client ID in the VoIPmonitor GUI?
* Note: the GUI's internal users have precedence before custom login users
* Why do I see a blank window after clicking the "Sign in with Google" button?
* How does VoIPmonitor map a Google email to a user with permissions?
* Can I use Google Sign-In with a custom login script?

Latest revision as of 23:33, 30 June 2025


This guide provides a complete, step-by-step tutorial for enabling users to log into the VoIPmonitor GUI using their Google accounts via the OAuth 2.0 protocol.

Overview: What is Google Sign-In?

Integrating Google Sign-In provides a convenient and secure way for your users to access the VoIPmonitor GUI. Instead of creating and remembering a separate password for VoIPmonitor, they can use their existing, trusted Google account.

The process works by linking a user's Google email address to a user profile inside VoIPmonitor. When a user authenticates with Google, VoIPmonitor uses their email address to find their corresponding profile and apply the correct permissions.

How User Permissions Are Assigned

VoIPmonitor uses the following logic to map a logged-in Google user to a GUI profile:

  1. Direct Email Match: First, it checks if a user exists in the GUI whose username is an exact match for the Google email address.
  2. Secure Users List: If no direct match is found, it checks the "Gmail emails" list under the "Secure users" tab of all user profiles. If a match is found, the permissions of that profile are used. This allows multiple Google accounts to be mapped to a single VoIPmonitor profile.
  3. Default Fallback User: If still no match is found, it checks if any user has been designated as the "Default Google Sign-In email" account. If so, all unmatched Google users will inherit the permissions of this default profile.

Part 1: Creating Google OAuth 2.0 Credentials

Before you can enable this feature in VoIPmonitor, you must create your own "OAuth client ID" within the Google Cloud Platform console.

Step 1
Go to the Google Cloud Console
Navigate to https://console.cloud.google.com/apis/credentials.
Step 2
Create New Credentials
Click + CREATE CREDENTIALS at the top of the page and select OAuth client ID.
Step 3
Configure the OAuth Client ID
  • Application type: Select Web application.
  • Name: Give it a descriptive name, like "VoIPmonitor GUI Login".
  • Authorized JavaScript origins: This is a critical step. You must add the full URL of your VoIPmonitor GUI here. For example, `https://voipmonitor.example.com`. Note that Google requires these URLs to use HTTPS.
  • Authorized redirect URIs: This can often be left blank, but for best practice, you should add the URL of your GUI's login page.
Step 4
Get Your Client ID
After creation, a pop-up will display your Client ID. It will look something like `1234567890-abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com`. Copy this value; you will need it in the next part.
Step 5
Configure the OAuth Consent Screen
You may be prompted to configure the "OAuth consent screen." This is the page your users will see when they first authorize the application. You only need to fill in the basic required information, such as an application name and user support email.

Part 2: Configuring VoIPmonitor

With your Google Client ID in hand, you can now enable and configure the integration in the GUI.

Step 1
Enable Google Sign-In
Navigate to Settings -> System Configuration -> Authentication.
  • Find the option Enable Google Sign in and set it to Yes.
Step 2
Enter Your Client ID
  • Find the option Google client ID for Google Sign in.
  • Paste the Client ID you obtained from the Google Cloud Console into this field. If you leave it blank, VoIPmonitor will use a default, shared client ID, but it is highly recommended to use your own.
Step 3
(Optional) Hide the Login Button
  • If you want to only allow Google login and hide the standard username/password form, you can set Don't display local login form to Yes.
  • The Don't display Google Sign in button option allows you to hide the "G" button if you need to temporarily disable the feature without losing your settings.
Step 4
Create User Mappings
Ensure that user accounts exist in Settings -> Users with usernames that match the Google email addresses of the users who will be logging in, or use the "Secure users" or "Default" mapping methods described in the overview.

Troubleshooting

Problem
After clicking the "Sign in with Google" button, a blank window or pop-up appears and nothing happens.
  • Cause: This is almost always caused by an incorrect configuration of the Authorized JavaScript origins in your Google Cloud Console credentials.
  • Solution: Go back to your OAuth client ID settings in the Google Cloud Console and ensure that the URL you entered exactly matches the URL of your VoIPmonitor GUI, including the `https://` prefix.

Advanced Usage: Custom Login Scripts

The Google Sign-In feature is compatible with custom login scripts.

  • When a user authenticates, VoIPmonitor will pass the user's email address to your custom script.
  • Your script must then perform its logic and return a JSON structure as described in the Custom Login API documentation.
  • Note that users defined directly within the VoIPmonitor GUI will always take precedence over users authenticated via a custom login script.

AI Summary for RAG

Summary: This guide provides a complete tutorial on integrating Google Sign-In with the VoIPmonitor GUI using OAuth 2.0. It explains how the feature works by mapping a user's Google email to an internal GUI user profile to assign permissions, detailing the three matching methods (direct email, "Secure users" list, and default fallback user). The guide is structured into two main parts. Part 1 provides a step-by-step process for creating an "OAuth client ID" in the Google Cloud Platform console, emphasizing the critical importance of correctly configuring the "Authorized JavaScript origins." Part 2 details the configuration within the VoIPmonitor GUI under "Settings -> System Configuration," including enabling the feature and entering the custom Google Client ID. It also includes a troubleshooting section for common problems like a blank login window and notes on integration with custom login scripts. Keywords: google sign-in, oauth, oauth2, login, authentication, google login, sso, single sign-on, api, credentials, client id, google cloud console, authorized javascript origins, user mapping, custom login Key Questions:

  • How can I enable users to log in with their Google account?
  • What is Google OAuth 2.0 and how does it work with VoIPmonitor?
  • How do I create an OAuth client ID in the Google Cloud Console?
  • Where do I configure the Google Client ID in the VoIPmonitor GUI?
  • Why do I see a blank window after clicking the "Sign in with Google" button?
  • How does VoIPmonitor map a Google email to a user with permissions?
  • Can I use Google Sign-In with a custom login script?
Retrieved from "https://www.voipmonitor.org//doc/index.php?title=Google_Sign_in_usage&oldid=5488"