--- title: "Google OAuth Setup" description: "How to set up user login via Google OAuth" --- ## Setting up the Google Cloud App Create a google project: https://console.cloud.google.com/projectcreate ## Enabling the People API Enable the **Google People API** here: https://console.cloud.google.com/apis/library/people.googleapis.com Be sure to have the right project selected. ## Setting up the OAuth Consent Screen Go to **APIs & Services** on the left hand tab (see image below). Then select **OAuth Consent screen** page. ![GoogleOAuthConsentMenu](/images/google_oauth_setup/GoogleOAuthConsentMenu.png) Under OAuth Consent screen select either Internal or External - Companies with a **Google Workspace** should choose `Internal` - Otherwise choose `External` On the next page: - Provide an app name (can go with `Danswer`) - Provide any email you own (or danswer.dev@gmail.com if you want us to handle questions from your Danswer users) - Upload the Danswer logo (or leave blank) - The **Developer contact information** can be any email you own (or again, danswer.dev@gmail.com) ![GoogleApp](/images/google_oauth_setup/GoogleApp.png) Leave the optional fields blank Click **SAVE AND CONTINUE** Leave the next two pages for **Scopes** and **Test users** blank. ## Setting up Credentials Still under **APIs & Services**, go to **Credentials** on the left hand bar Click on **+CREATE CREDENTIALS** and choose `OAuth client ID` Select `Web application` then call it `Danswer` Add a `Authorized JavaScript origins` as: - `http://localhost:3000` for local or replace with `WEB_DOMAIN` if setting up for prod. Add a `Authorized redirect URIs` as: - `http://localhost:3000/auth/google/callback` for local setup or your `WEB_DOMAIN` if setting up for prod. Click **CREATE** and save the Client ID and Client Secret for use in the next section ## Turning on OAuth in Danswer OAuth is controlled by 4 environment variables, regardless of deployment choice (non-containerized, docker compose, kubernetes). To turn the feature on set: - `DISABLE_AUTH=False` - `ENABLE_OAUTH=True` - `GOOGLE_OAUTH_CLIENT_ID=` - `GOOGLE_OAUTH_CLIENT_SECRET=` ### Non Containerized Simply set the above environment variables when running the different Danswer processes. - The backend api server requires all of them - The frontend just requires `DISABLE_AUTH=False` ### Docker Compose Simply set the 4 environment variables in a file called **.env** under **danswer/deployment/docker_compose**. ### Kubernetes Kubernetes deployment was designed for production use and assumes that user Auth is a required feature therefore it is on by default. To set up the required values, replace the `REPLACE-THIS` values in secrets.yaml with thebase64 encoded client ID and client secret from above.