Using Google to log in to your Plone site with authomatic
The great pas.plugins.authomatic addon developed by Jens Klein and Matthias Dollfuss makes it easy to integrate authentication with many different authentication providers. Take a look at http://peterhudec.com/authomatic/ for details. This blog post will go over what it takes to integrate with Google.
OAuth config
First off, set up Google credentials: https://console.developers.google.com/apis/credentials
- create new -> OAuth client
- redirect URL: http://localhost:8080/Plone/authomatic-handler/google or wherever you're hosting
- make sure to configure the OAuth consent screen as well
We'll use the client id/secret later for the authomatic addon configuration.
Also, enable the Google+ API scope info (https://console.developers.google.com/apis/api/plus/overview?project=<project-id>) by clicking the enable button at the top. This might take a couple of minutes to propagate.
Plone install
First off, add the pas.plugins.authomatic addon to your buildout file.
Then, in Plone, install the PAS plugin in the "Add-ons" control panel.
Finally, here is a sample configuration for Google that you can enter in the add-on configuration screen:

    {
        "google": {
            "id": 1,
            "display": {
                "title": "Google",
                "cssclasses": {
                    "button": "plone-btn plone-btn-default",
                    "icon": "glyphicon glyphicon-google"
                },
                "as_form": false
            },
            "propertymap": {
                "email": "email",
                "link": "home_page",
                "location": "location",
                "name": "fullname"
            },
            "class_": "authomatic.providers.oauth2.Google",
            "consumer_key": "<google client id>",
            "consumer_secret": "<google client secret>",
            "scope": ["profile", "email"],
            "user_authorization_params": {
                "hd": "wildcardcorp.com"
            },
            "access_headers": {
                "User-Agent": "Plone (pas.plugins.authomatic)"
            }
        }
    }

The main part to pay attention to here and customize is:

    "consumer_key": "<google client id>",
    "consumer_secret": "<google client secret>",

Bonus, to restrict to particular domains:

    "user_authorization_params": {
        "hd": "wildcardcorp.com"
    }
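
The "hd" value above is sent to Google with the authorization request, where it steers the sign-in screen toward that domain; Google's OpenID Connect documentation tells the relying party to also check the "hd" claim that comes back. The added example below (not code from pas.plugins.authomatic or from this post) shows that check over a dict of claims already obtained from a verified ID token or the userinfo response. The function name, the sample claims and the wiring into Plone are assumptions.

```python
# Added example: server-side check of Google's hosted-domain ("hd") claim.
# Assumes `claims` came from a signature-verified ID token or from the
# userinfo endpoint; obtaining them is outside this sketch.

ALLOWED_DOMAINS = frozenset({"wildcardcorp.com"})  # domain from the config above


def hosted_domain_ok(claims, allowed=ALLOWED_DOMAINS):
    """Return (ok, reason) for a dict of Google identity claims."""
    hd = claims.get("hd")
    if not isinstance(hd, str) or not hd.strip():
        # Consumer (gmail.com) accounts carry no hd claim at all.
        return False, "no hd claim"
    if hd.strip().lower() not in allowed:
        return False, "hd %r is not an allowed domain" % hd
    # The ID token and userinfo give a boolean; tokeninfo gives a string.
    if claims.get("email_verified") not in (True, "true"):
        return False, "email not verified"
    return True, "ok"


# Constructed sample claims, for illustration only.
SAMPLE_WORKSPACE = {
    "sub": "1000000000000000001",
    "email": "alice@wildcardcorp.com",
    "email_verified": True,
    "hd": "wildcardcorp.com",
}
SAMPLE_CONSUMER = {
    "sub": "1000000000000000002",
    "email": "someone@gmail.com",
    "email_verified": True,
}
SAMPLE_OTHER_ORG = dict(SAMPLE_WORKSPACE, email="bob@example.org", hd="example.org")

if __name__ == "__main__":
    for name, sample in [
        ("workspace", SAMPLE_WORKSPACE),
        ("consumer", SAMPLE_CONSUMER),
        ("other org", SAMPLE_OTHER_ORG),
    ]:
        print(name, hosted_domain_ok(sample))
```

A login whose claims fail this check should be rejected before a Plone user is created or updated from the propertymap.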