Google - Admin SSO Provider
Requirements
You will need to gather or complete the following requirements before you can configure Google as a Strapi Admin SSO Provider:
- Properly configure Strapi for SSO including adding the
urlconfiguration key to your./config/server.jsfile. - Create your Google OAuth2 credentials by following the steps in the Google Developer Console.
- Gather the required information to set as environment variables in your Strapi project:
GOOGLE_CLIENT_IDGOOGLE_CLIENT_SECRET
Provider Specific Notes
The Google OAuth2 provider requires the following scopes, however additional scopes can be added as needed depending on your use case and the data you need returned:
https://www.googleapis.com/auth/userinfo.emailhttps://www.googleapis.com/auth/userinfo.profile
Data returned from the provider is dependent on how your Google OAuth2 application is configured. The example below assumes that the Google OAuth2 application is configured to return the user's email, first name, and last name. Fields returned by the provider can change based on the scopes requested and the user's Google account settings.
If you aren't sure what data is being returned by the provider, you can log the profile object in the createStrategy function to see what data is available as seen in the following example.
Configuration Example with Logging
(request, accessToken, refreshToken, profile, done) => {
// See what is returned by the provider
console.log(profile);
done(null, {
// Map the data returned by the provider to the Strapi user object
email: profile.email,
firstname: profile.given_name,
lastname: profile.family_name,
});
}
Strapi Configuration
Using: passport-google-oauth2
Install the Provider Package
- yarn
- npm
yarn add passport-google-oauth2
npm install --save passport-google-oauth2
Adding the Provider to Strapi
- JavaScript
- TypeScript
const GoogleStrategy = require("passport-google-oauth2");
module.exports = ({ env }) => ({
auth: {
// ...
providers: [
{
uid: "google",
displayName: "Google",
icon: "https://cdn2.iconfinder.com/data/icons/social-icons-33/128/Google-512.png",
createStrategy: (strapi) =>
new GoogleStrategy(
{
clientID: env("GOOGLE_CLIENT_ID"),
clientSecret: env("GOOGLE_CLIENT_SECRET"),
scope: [
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile",
],
callbackURL:
env('PUBLIC_URL') +
strapi.admin.services.passport.getStrategyCallbackURL("google"),
},
(request, accessToken, refreshToken, profile, done) => {
done(null, {
email: profile.email,
firstname: profile.given_name,
lastname: profile.family_name,
});
}
),
},
],
},
});
import {Strategy as GoogleStrategy } from "passport-google-oauth2";
export default ({ env }) => ({
auth: {
// ...
providers: [
{
uid: "google",
displayName: "Google",
icon: "https://cdn2.iconfinder.com/data/icons/social-icons-33/128/Google-512.png",
createStrategy: (strapi) =>
new GoogleStrategy(
{
clientID: env("GOOGLE_CLIENT_ID"),
clientSecret: env("GOOGLE_CLIENT_SECRET"),
scope: [
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile",
],
callbackURL:
env('PUBLIC_URL') +
strapi.admin.services.passport.getStrategyCallbackURL("google"),
},
(request, accessToken, refreshToken, profile, done) => {
done(null, {
email: profile.email,
firstname: profile.given_name,
lastname: profile.family_name,
});
}
),
},
],
},
});