diff --git a/google_oauth_setup.mdx b/google_oauth_setup.mdx new file mode 100644 index 0000000..76da7c4 --- /dev/null +++ b/google_oauth_setup.mdx @@ -0,0 +1,81 @@ +--- +title: "Google OAuth Setup" +description: "How to set up user login via Google OAuth" +--- + +## Setting up the Google Cloud App +Create a google project: https://console.cloud.google.com/projectcreate + + +## Enabling the People API +Enable the **Google People API** here: https://console.cloud.google.com/apis/library/people.googleapis.com + +Be sure to have the right project selected. + + +## Setting up the OAuth Consent Screen +Go to **APIs & Services** on the left hand tab (see image below). + +Then select **OAuth Consent screen** page. + +![GoogleOAuthConsentMenu](/images/google_oauth_setup/GoogleOAuthConsentMenu.png) + +Under OAuth Consent screen select either Internal or External +- Companies with a **Google Workspace** should choose `Internal` +- Otherwise choose `External` + +On the next page: +- Provide an app name (can go with `Danswer`) +- Provide any email you own (or danswer.dev@gmail.com if you want us to handle questions from your Danswer users) +- Upload the Danswer logo (or leave blank) +- The **Developer contact information** can be any email you own (or again, danswer.dev@gmail.com) + +![GoogleApp](/images/google_oauth_setup/GoogleApp.png) + +Leave the optional fields blank + +Click **SAVE AND CONTINUE** + +Leave the next two pages for **Scopes** and **Test users** blank. + + +## Setting up Credentials +Still under **APIs & Services**, go to **Credentials** on the left hand bar + +Click on **+CREATE CREDENTIALS** and choose `OAuth client ID` + +Select `Web application` then call it `Danswer` + +Add a `Authorized JavaScript origins` as: +- `http://localhost:3000` for local or replace with `WEB_DOMAIN` if setting up for prod. + +Add a `Authorized redirect URIs` as: +- `http://localhost:3000/auth/google/callback` for local setup or your `WEB_DOMAIN` if setting up for prod. + +Click **CREATE** and save the Client ID and Client Secret for use in the next section + + +## Turning on OAuth in Danswer +OAuth is controlled by 4 environment variables, regardless of deployment choice +(non-containerized, docker compose, kubernetes). To turn the feature on set: +- `DISABLE_AUTH=False` +- `ENABLE_OAUTH=True` +- `GOOGLE_OAUTH_CLIENT_ID=` +- `GOOGLE_OAUTH_CLIENT_SECRET=` + + +### Non Dockerized +Simply set the above environment variables when running the different Danswer processes. + + +### Docker Compose +If using **docker-compose.dev.yaml**, `DISABLE_AUTH` is set to `True` by default in the yaml file which has higher +priority than the **.env** file. Make sure to delete `DISABLE_AUTH` from the dev yaml. + +If using the **docker-compose.prod.yaml**, `DISABLE_AUTH` is not set so no need to edit the yaml. + +Then set the 4 environment variables in a file called **.env** under **danswer/deployment/docker_compose**. + + +### Kubernetes +Simply replace the `REPLACE-THIS` values in secrets.yaml with thebase64 encoded client ID and client secret from above. diff --git a/images/google_oauth_setup/GoogleApp.png b/images/google_oauth_setup/GoogleApp.png new file mode 100644 index 0000000..88ac517 Binary files /dev/null and b/images/google_oauth_setup/GoogleApp.png differ diff --git a/images/google_oauth_setup/GoogleOAuthConsentMenu.png b/images/google_oauth_setup/GoogleOAuthConsentMenu.png new file mode 100644 index 0000000..2a42945 Binary files /dev/null and b/images/google_oauth_setup/GoogleOAuthConsentMenu.png differ diff --git a/mint.json b/mint.json index d4c871d..6a3d3fa 100644 --- a/mint.json +++ b/mint.json @@ -33,6 +33,7 @@ "pages": [ "introduction", "quickstart", + "google_oauth_setup", "advanced_setup", "slack_bot_setup", "contact_us"