Toolbox

Main Page

Upload file

What links here

Recent changes

Help

Search

Participate

Modules:Google Sign In

1 Overview
2 Creating and configuring the Google Project
3 Configure Google API Project in Openbravo
4 Google Account association
5 Remove Association
6 Google Integration Preferences
- 6.1 New User Defaults
7 Known Issues
8 Disabling Google integration
- 8.1 Professional Instances
- 8.2 Community Instances

Overview

This module is deprecated in favor of using an External Authentication Provider

Google Sign In is an Openbravo commercial module that provides Google Sign In integration (based in OAuth2 authentication) to Openbravo.

It uses common Google Apps infrastructure provided by Google Apps Integration module.

When this module is installed and configured, Log In page Google Sign In button will start working.

There are two ways to use the Google Accounts authentication service:

Link an existing Openbravo user name with a Google Account
Configure an instance to allow any user with a Google Account to log-in into the application. If no Openbravo user is linked to that Google Account, a new one is created using defaults.

You need to be aware of the security implications of enabling the second option. This feature is offered for public instances where the data is public, or for an instance behind a corporate firewall that is not public accessible. DO NOT ENABLE DEFAULT SETTINGS FOR NEW USERS IF YOUR INSTANCE IS PUBLIC ACCESSIBLE

Creating and configuring the Google Project

The first step is to create and configure a Google API Project which will be used by the Google Sign In feature. Note that the account used to create the project is not necessarily one of the used to login Openbravo but it will be used for API purposes.

Go to Google Developers Console web page. The following screen will be shown:

Click 'Create Project' button, on the top right corner. The following screen will be shown:

Go to 'Credentials' window (it is located in the left menu inside the 'APIs & Services' section. The following screen will be shown:

Now click on 'Configure consent screen' button. The following 2 screens will be shown:

After clicking Create. In the form, at least the fields 'Email address' and 'Product Name' should be filled. Once the data has been introduced, click the 'Save' button:

Go back to 'Credentials' window and click on 'Create Credentials' -> 'OAuth Client ID' button. Follow this screen:

Fill the form with 'Application Type': 'Web application' and set a 'Name'. In the 'Authorized JavaScript origins' your Openbravo instance URL should be introduced. The 'Authorized redirect URIs' are not needed for the Login. Then click the 'CREATE' button. Similar to this screen:

Then click the 'Download JSON' button. It will start downloading the 'Client Secrets' that will be needed later. The download button can be found after clicking on the recently created OAuth 2.0 credential. On the top bar:

Configure Google API Project in Openbravo

This kind of configuration is deprecated since 23Q4. Starting from that version the Authentication Provider Configuration must be used instead.

Log in Openbravo as System Administrator and open 'Google Integration Configuration' window, create a new record and in 'Client Secrets' field paste the contents of the file downloaded in the previous step.

Google Account association

Open the 'Google Account Association' process

The following popup will show:

After clicking OK, the following confirmation prompt will be shown:

By pressing 'Accept' button you will allow your instance to access your Google Account, and the following confirmation alert will be shown:

You can log-out and, log-in again using the 'G' button.

Remove Association

The user can Revoke Access from his Google Account settings
The Client Administrator can remove the record of the association User window > OpenID Identifier tab

Google Integration Preferences

New User Defaults

Remember: DO NOT ENABLE THIS FEATURE IF YOUR APPLICATION IS PUBLIC ACCESSIBLE

You can define some default role for your Client. This default role is the one that will be used to create a new user if the Google Account doesn't have any other user associated.

Open: Google Integration Preferences

Create a new record

Pick the most restrictive role you have.
- Note: If you want to restrict the access, you should configure a role that only allows the user to log-in. After the user creation the authentication process, the Client Administrator can define more roles for the user.

New User Active: If the newly created user should be active by default or not.

Default: If you have several roles configured, just the default one will be used

After configuring this default preferences, any user with a Google Account can log-in into the application. If no Openbravo user is associated a new one is created with the default previously defined.

Known Issues

When Signing In with OAuth2, Google provides a different ID than the one it provided when signing in with OpenID2. This means, Openbravo and Google account needs to be reassociated even they were previously linked. So first time each user wants to use new sign in, confirmation will be prompted again.

This affects also to auto-genrated users, this is, previously auto-generated users can't sign in again using new authentication. If user auto-generation is enabled, new users will be created on firsts sign in.

Disabling Google integration

Professional Instances

You just need to create a new Preference with the property:

As System Administrator.
Open the Preference window.
Create a new Preference and pick the property: Enable Google button in Login Page.
Set the value to: N.

Community Instances

The 'Google Sign In' button cannot be hidden.

Retrieved from "http://wiki.openbravo.com/wiki/Modules:Google_Sign_In"

This page has been accessed 53,224 times. This page was last modified on 26 July 2023, at 14:58. Content is available under Creative Commons Attribution-ShareAlike 2.5 Spain License.