/magda-auth-google

A Magda Microservice Auth Plugin for Google

Primary LanguageTypeScriptApache License 2.0Apache-2.0

magda-auth-google

Version: 2.0.0

A Magda Authentication Plugin for Google

Requires MAGDA version 0.0.58 or above.

To deploy the authentication plugin with your MAGDA instance, please check MAGDA Gateway Helm Chart Document.

How to Use

  1. Add the auth plugin as a Helm Chart Dependency
- name: magda-auth-google
  version: "2.0.0" # or put the latest version number here
  repository: "oci://ghcr.io/magda-io/charts"

Since v2.0.0, we use Github Container Registry as our official Helm Chart & Docker Image release registry.

  1. Config the auth plugin with googleClientId:
magda-auth-google:
  googleClientId: xxxxxx
  1. Config Gatway to add the auth plugin to Gateway's plugin list (More details see here)
gateway:
  authPlugins:
  - key: "google"
    baseUrl: http://magda-auth-google
  1. Create a secret oauth-secrets in your deployment Magda namespace with the correct value for google-client-secret key

Google API Setup

  1. Open Google Cloud Console

  2. Go to Credentials (APIs and Services)

  3. Create an OAuth 2.0 Client IDs

The Authorised redirect URIs should be: https://my-magda.com/auth/login/plugin/google/return

Here my-magda.com is the domain you serve magda from. It should match helm chart config global.externalUrl.

Homepage: https://github.com/magda-io/magda-auth-google

Source Code

Requirements

Kubernetes: >= 1.14.0-0

Repository Name Version
oci://ghcr.io/magda-io/charts magda-common 2.1.1

Values

Key Type Default Description
authPluginRedirectUrl string nil the redirection url after the whole authentication process is completed. Authentication Plugins will use this value as default. The following query paramaters can be used to supply the authentication result:
  • result: (string) Compulsory. Possible value: "success" or "failure".
  • errorMessage: (string) Optional. Text message to provide more information on the error to the user.
This field is for overriding the value set by global.authPluginRedirectUrl. Unless you want to have a different value only for this auth plugin, you shouldn't set this value.
autoscaler.enabled bool false turn on the autoscaler or not
autoscaler.maxReplicas int 3
autoscaler.minReplicas int 1
autoscaler.targetCPUUtilizationPercentage int 80
defaultAdminUserId string "00000000-0000-4000-8000-000000000000" which system account we used to talk to auth api The value of this field will only be used when global.defaultAdminUserId has no value
defaultImage.imagePullSecret bool false
defaultImage.pullPolicy string "IfNotPresent"
defaultImage.repository string "ghcr.io/magda-io"
global object {"authPluginRedirectUrl":"/sign-in-redirect","externalUrl":"","image":{},"rollingUpdate":{}} only for providing appropriate default value for helm lint
googleClientId string nil Google Client Id. You must provide this value to make this plugin work Besides, this id. You also need to provide googleClientSecret via secret oauth-secrets (key: google-client-secret). You can use Magda Create Secret Tool to create this secret.
image.name string "magda-auth-google"
replicas int 1 no. of initial replicas
resources.limits.cpu string "50m"
resources.requests.cpu string "10m"
resources.requests.memory string "30Mi"