Adding Google Credentials¶
To make the SSO work, we need to set up, in your Django project, the Google credentials needed to perform the authentication.
Getting Google Credentials¶
In your Google Console navigate to Api -> Credentials to access the credentials for your all Google Cloud Projects.
Your first Google Cloud Project
If you don't have a Google Cloud Project, you can create one by clicking on the Create button.
Then, you can select one of existing Web App Oauth 2.0 Client Ids in your Google project, or create a new one.
Do I need to create a new Oauth 2.0 Client Web App?
Normally you will have one credential per environment in your Django project. For example, if you have a development, staging and production environments, then you will have three credentials, one for each one. This mitigates the risk of exposing all your data in case of a security breach.
If you decide to create a new one, please check https://developers.google.com/identity/protocols/oauth2/ for additional info.
When you open your Web App Client Id, please get the following information:
- The Client ID. This is something like
XXXX.apps.googleusercontent.com
and will be theGOOGLE_SSO_CLIENT_ID
in your Django project. - The Client Secret Key. This is a long string and will be the
GOOGLE_SSO_CLIENT_SECRET
in your Django project. - The Project ID. This is the Project ID, you can get click on the Project Name, and will be
the
GOOGLE_SSO_PROJECT_ID
in your Django project.
After that, add them in your settings.py
file:
# settings.py
GOOGLE_SSO_ALLOWABLE_DOMAINS = ["your domain here"]
GOOGLE_SSO_CLIENT_ID = "your client id here"
GOOGLE_SSO_CLIENT_SECRET = "your client secret here"
GOOGLE_SSO_PROJECT_ID = "your project id here"
Don't commit this info in your repository. This permits you to have different credentials for each environment and mitigates security breaches. That's why we recommend you to use environment variables to store this info. To read this data, we recommend you to install and use a Twelve-factor compatible library in your project.
For example, you can use our sister project Stela to load the environment
variables from a .env.local
file, like this:
# .env.local
GOOGLE_SSO_ALLOWABLE_DOMAINS=["your domain here"]
GOOGLE_SSO_CLIENT_ID="your client id here"
GOOGLE_SSO_CLIENT_SECRET="your client secret here"
GOOGLE_SSO_PROJECT_ID="your project id here"
# Django settings.py
from stela import env
GOOGLE_SSO_ALLOWABLE_DOMAINS = env.GOOGLE_SSO_ALLOWABLE_DOMAINS
GOOGLE_SSO_CLIENT_ID = env.GOOGLE_SSO_CLIENT_ID
GOOGLE_SSO_CLIENT_SECRET = env.GOOGLE_SSO_CLIENT_SECRET
GOOGLE_SSO_PROJECT_ID = env.GOOGLE_SSO_PROJECT_ID
But in fact, you can use any library you want, like django-environ, django-constance, python-dotenv, etc...
In the next step, we need to configure the authorized callback URI for your Django project.