Skip to content

Home

Jump to bottom Edit New page
Robert J. Lang edited this page Dec 21, 2020 · 1 revision

Google Auth

This module allows you to authenticate with Google and use this authentication to carry out API requests by other modules, enabling users to manage accounts, authenticate with Google (i.e. get an access token) and use this authentication to perform API requests.

It allows you to enter Google account details like the Client ID, Client Secret Key, Developer Key, and to select Google Services to be enabled. It then gets the OAuth2 access token from Google.

The account management page shows an authenticate link if the account is not authenticated and a revoke link if the account is authenticated.

This module includes two sub-modules:

  • Google Auth Login (gauth_login) lets a user login to their Backdrop account using their Google login;

  • Google Auth User Support (gauth_user) lets a user authenticate for Google Services.

Setting up Google Authentication

This model basically lets your Backdrop website talk to Google and authenticate using OAuth2. In order to do anything, you will need to configure both your Backdrop website and Google, letting each know how to communicate with the other.

Configuring the Backdrop Site

  1. Install and enable Google Auth (gauth) in the usual way.

  2. Visit the configuration page under Administration > Configuration > Web Services > Google account settings (admin/config/services/gauth_account). Before you can do anything, you'll need to create an account. You can see what you'll need by selecting "Add account."

Each account requires several pieces of data, some of which you choose, some of which come from Google:

  • Account Name -- you can choose this to be something convenient.
  • API Key -- this will come from Google.
  • Client ID -- This will come from Google.
  • Client Secret Key -- This will come from Google.
  • Services -- These are the services that will be enabled to be used. You'll need to enable their corresponding APIs within Google.
  • Access Type -- You can choose whether to allow offline actions.
  • Redirect URL -- You'll need to enter this when you are configuring Google, so copy this or keep it accessible when you go to configure Google.

No need to fill this in yet (since you don't have all the information), but do note the Redirect URL; you'll need that.

Configuring Google

On the Google side of things, you will create credentials. To do this, you'll need to create a project, which is associated with an organization. To do this:

  1. Visit the Google Developer's Console.
  2. Create a new project with appropriate details if you don't already have a project created.
  3. In the hamburgered menu at top left (just next to "Google APIs"), select APIs & Services > Credentials.
    1. Create an API Key. Make a note of it: you'll enter that on the Backdrop site (see above).
    2. Create an OAuth Client ID. When you are doing that, you will fill in:
      1. Authorized JavaScript origins -- this is the URL of your site that Javascript requests will come from.
      2. Authorized redirect URIs -- this is the "Redirect URL" from above. It's the URL that Google will use to talk to your site.
    3. When you have created the OAuth Client ID, Google will generate two quantities that you will need for Backdrop configuration:
      1. Client ID -- this is a long string that will end in .com.
      2. Client secret -- this is a string of assorted characters.

You will also need to enable the APIs that you plan to use.

To do this, go to the API Library for your project. That will take you to a grid of the various available APIs. Select and enable the APIs that you plan to use (and that you will select on the Backdrop configuration page).

Note: the various APIs are documented here.

Once you've configured Google, you can return to the "Add account" page and enter the information you've configured.

When you save the information, the module will attempt to authenticate using this information. If successful, you're ready to go!

API Functions

The Google Auth module doesn't provide any services directly to users; rather, it provides an API that can be called by other modules. The API functions are as follows:

  1. gauth_client_get($account_name) This function will return a Google_client object. You can use this client object to make api requests. You can pass an account array instead of $account_name, which should contain values for client_id, client_secret, developer_key, access_token.

  2. gauth_account_load($account_name) This functions return a account variable which will contain values for client_id, client_secret key, developer_key, services, and, importantly the access_token. You can use these variables to create a Google client object and make services calls, depending on the services enabled for the account.

  3. gauth_account_delete($account_name) This function will allow you to delete an existing managed account from a Backdrop site. Note: No google account will be deleted.

  4. gauth_account_save($account_array) This function will allow you to save any existing managed account or create a new account in a Backdrop site. It expects an array of account data with values for:

    • id -- if you want to update the account
    • name -- Name of the account
    • client_id -- Client Id of the account
    • client_secret -- Clients secret key
    • developer_key -- API Key of the account
    • services -- Array or comma(,) separated string that has a list of services. Names should be given as their lower-case keys, e.g., "calendar,drive"; refer to function gauth_google_services_names() in the module for these names. Note: An account saved or created using this api will not be authenticated; you will need to call gauth_account_authenticate().

  5. gauth_account_authenticate($account_name) This function allows you to authenticate the account with Google and get an access token from Google.

  6. gauth_account_token_revoke($account_name) This function allows you to unauthenticate the account with Google i.e., revoke access token from accessing Google services.

  7. gauth_account_is_authenticated($account_name) This function checks whether the account is authenticated or not.

Submodules

There are two submodules provided.

Google Auth Login

This module lets you add a "Sign in with Google" button to the main Backdrop login page, allowing users to log in with Google rather than entering their Backdrop user account and password.

If someone logs in with a Google account that doesn't have a corresponding user account on the site, you have the option to either reject the login or create a new user account. This choice is set in the module configuration.

Google Auth User Services

This module lets you configure particular users to be authenticated for particular Google Services.

Add a custom footer
Add a custom sidebar

Clone this wiki locally