Google OAuth2 strategy for Überauth.
-
Setup your application at Google Developer Console.
-
Add
:ueberauth_googleto your list of dependencies inmix.exs:def deps do [ {:ueberauth_google, "~> 0.10"} ] end
-
Add Google to your Überauth configuration:
config :ueberauth, Ueberauth, providers: [ google: {Ueberauth.Strategy.Google, []} ]
-
Update your provider configuration:
Use that if you want to read client ID/secret from the environment variables in the compile time:
config :ueberauth, Ueberauth.Strategy.Google.OAuth, client_id: System.get_env("GOOGLE_CLIENT_ID"), client_secret: System.get_env("GOOGLE_CLIENT_SECRET")
Use that if you want to read client ID/secret from the environment variables in the run time:
config :ueberauth, Ueberauth.Strategy.Google.OAuth, client_id: {System, :get_env, ["GOOGLE_CLIENT_ID"]}, client_secret: {System, :get_env, ["GOOGLE_CLIENT_SECRET"]}
-
Include the Überauth plug in your controller:
defmodule MyApp.AuthController do use MyApp.Web, :controller plug Ueberauth ... end
-
Create the request and callback routes if you haven't already:
scope "/auth", MyApp do pipe_through :browser get "/:provider", AuthController, :request get "/:provider/callback", AuthController, :callback end
-
Your controller needs to implement callbacks to deal with
Ueberauth.AuthandUeberauth.Failureresponses.
For an example implementation see the Überauth Example application.
Depending on the configured url you can initiate the request through:
/auth/google
Or with options:
/auth/google?scope=email%20profile
By default the requested scope is "email". Scope can be configured either explicitly as a scope query value on the request path or in your configuration:
config :ueberauth, Ueberauth,
providers: [
google: {Ueberauth.Strategy.Google, [default_scope: "email profile plus.me"]}
]You can also pass options such as the hd parameter to suggest a particular Google Apps hosted domain (caution, can still be overridden by the user), prompt and access_type options to request refresh_tokens and offline access (both have to be present), or include_granted_scopes parameter to allow incremental authorization.
config :ueberauth, Ueberauth,
providers: [
google: {Ueberauth.Strategy.Google, [hd: "example.com", prompt: "select_account", access_type: "offline", include_granted_scopes: true]}
]In some cases, it may be necessary to update the user info endpoint, such as when deploying to countries that block access to the default endpoint.
config :ueberauth, Ueberauth,
providers: [
google: {Ueberauth.Strategy.Google, [userinfo_endpoint: "https://www.googleapis.cn/oauth2/v3/userinfo"]}
]This may also be set via runtime configuration by passing a 2 or 3 argument tuple. To use this feature, the first argument must be the atom :system, and the second argument must represent the environment variable containing the endpoint url.
A third argument may be passed representing a default value if the environment variable is not found, otherwise the library default will be used.
config :ueberauth, Ueberauth,
providers: [
google: {Ueberauth.Strategy.Google, [
userinfo_endpoint: {:system, "GOOGLE_USERINFO_ENDPOINT", "https://www.googleapis.cn/oauth2/v3/userinfo"}
]}
]To guard against client-side request modification, it's important to still check the domain in info.urls[:website] within the Ueberauth.Auth struct if you want to limit sign-in to a specific domain.
Copyright (c) 2015 Sean Callan
Released under the MIT License, which can be found in the repository in LICENSE.