Table of Contents
Google Authentication Plugin
Google Authentication Plugin allows to sign in to DokuWiki using OAuth 2.0 protocol provided by Google.
- Uses OAuth 2.0 protocol provided by Google. Does not ask nor store any passwords;
- Allows to restrict allowed domains and email accounts;
- Allows to specify additional user groups for users authenticated with this plugin.
Before you begin
External requirements: This plugin requires the following additional actions to be done:
- Register Google Application at the Google Developer Console
Register application at the Google Developer Console
- Open Google Developer Console in your browser and log in into your Google Account. If you do not have Google Account yet, it is good time to create one.
- Click Create project… (you may see the page like this http://snag.gy/MZaOh.jpg).
- Fill new project form, give some name and project ID (see http://snag.gy/Ipmxr.jpg).
- Google may ask you to confirm you contact phone with SMS or callback. “Evil Corporation” define their own rules. It's up to you to decide :)
- Open menu APIs & auth → Credentials (see http://snag.gy/ZuLfU.jpg)
- Form “Create Client ID” will be opened. Fill it:
- Application type: (required) choose “Web application”;
- Authorized Redirect URIs enter these lines:
http://www.your-domain.com/doku.php?id=start&do=login http://www.your-domain.com/start?do=login http://your-domain.com/doku.php?id=start&do=login http://your-domain.com/start?do=login http://www.your-domain.com/doku.php/start?do=login http://your-domain.com/doku.php/start?do=login
Instead of “your-domain” put your actual hostname where DokuWiki is installed. Note: if your DokuWiki is accesed with HTTPS then enter the URI with https, not http.
- Click “Create client ID” button.
- Now you have page with all required information for plugin setup. You will need two values from here: Client ID and Client secret.
- Open menu APIs & auth → Consent screen.
- Fill “PRODUCT NAME” and e-mail address as well, or you can get this error http://stackoverflow.com/questions/18677244/error-invalid-client-no-application-name.
- Go to the Settings page and set the “Authentication backend” to authgoogle.
- Save the settings.
- Note: DokuWiki will log you out after this point. You may log in as Administrator with your old account.
Click “Log in” button. Below the main form will appear button “Sign in with Google”. Click it, and browser will open Google authentication page.
Here you can choose Google account for authentication and Google will ask you to approve access to your profile details required for correct logging into DokuWiki. Only name and e-mail is used.
Please note birthdate, sex and time zone are also included in the provided details — it is standard Google behaviour, though these are not used by plugin.
Configuration and Settings
All settings are available on the standard DokuWiki “Settings” page:
- Allowed email domains: allowed email addresses and/or domains, separated by space. You can allow only certain domains to be used as authentication provider. For example, corporation “Example” has Google Apps for Business and wants only corporate users to login; also allow CEO to use his home email: “*@example.com email@example.com”. Default: “*” (all domains, all addresses).
- GoogleAPI Client ID and GoogleAPI Client Secret: info generated by Google when you register your application (see Installation).
- Default groups: default groups for new users separated by space. New user will be assigned these groups. May be useful to assign some specific roles for users authenticated with Google. ATTENTION: Overwrites default configuration setting defaultgroup if set. So if you add some group here, probably you want also add default group “user”. Default: (empty)
This plugin was developed for corporate use and is licensed the same way as DokuWiki itself.
If you want to contribute, please feel free to contact the sponsor. Source code is available at the GitHub (see links above).
- Merge pull request #45 from Rvice/master (2017-04-21 18:07)
- Actual fix (2017-04-21 17:23)
- Fix for Issues #42 and part of issue #38 (2017-04-21 17:17)
- Merge pull request #35 from ATMartin/master (2017-02-22 10:56)
- Fix open if statement & unnecessary whitespace. (2016-05-05 20:04)
- Add patch to redirect to desired page after login/reauth. (2015-12-28 09:20)
- Merge pull request #34 from joska/master (2015-11-10 11:49)
- fix: redirecting the user to authenticate again, if the access token … (2015-08-02 01:06)
Known Bugs and Issues
Please report bugs and issues here (with label bug): https://github.com/kettari/authgoogle/issues.
No TODOs yet. To suggest enhancement please refer here (with label enhancement): https://github.com/kettari/authgoogle/issues.
- Q: I've registered Google Application and installed plugin. Clicking “Sign in with Google” button and nothing happens.
- A: Change the “Authentication backend” to authgoogle.
Please post your questions at the DokuWiki Forum in this topic: https://forum.dokuwiki.org/thread/10314