Google Drupal SSO Login integration using OAuth / OpenID connect

Google Drupal OAuth / OpenID Connect integration enables SSO between the Drupal site and Google. This setup guide helps in configuring Single Sign-On (SSO) between the Drupal site and Google using the OAuth/OpenID Connect module. This module is compatible with Drupal 7, Drupal 8, Drupal 9, and Drupal 10. When you incorporate the OAuth / OpenID Connect module with the Drupal site, you can log into the Drupal site seamlessly with the Google credentials.

Set up Drupal as an OAuth Client:

• After installing the module, navigate to the Configuration -> miniOrange OAuth Client Configuration -> Configure OAuth tab and select Google from the Select Application dropdown list.
• Copy the Callback/Redirect URL and keep it handy.

  Please Note: If you have an HTTP Drupal site, and Google enforces the HTTPS Redirect URI. Please navigate to the Sign In Settings tab of the module and set the base URL of the site with HTTPS in the Base URL text field.

• In the Display Name text field, enter the application name. For example, Google Apps

Configure SSO Application in Google:

• Log in to the Google Developer Administrator console.
• Select a project from the left side's top header.

• On the Select a project popup, click on the NEW PROJECT button to create a new project or choose one of the current ones to continue.

• In the New Project panel, enter the following information:
• Enter the name of your project into the Project name text field.
• Click on CREATE button to create the project.

• From the left navigation panel, click on APIs & Services, then Credentials.

• Click the CREATE CREDENTIALS button, and select OAuth client ID from the list of options.

• If you get a warning that says, To create an OAuth Client ID, you must first set a product name on the consent screen (as shown in the image below), ignore it. Click on the CONFIGURE CONSENT SCREEN button.

• On the OAuth consent screen window, choose how you want to configure and register your app, select the User Type and click on CREATE button.

• Enter the following information in the Edit app registration window:
• On the OAuth consent screen step 1, fill out the following information under App information:
• In the App name text field, enter the name of the application.
• Enter your email address in the User support email text field so that people can contact you with queries concerning their consent.
• In the Developer contact information text field, type in the email address. (Its email addresses are essential for Google to notify you of any changes to your project.)

• Then, click on SAVE AND CONTINUE button.
• On the Scopes screen, click on the ADD OR REMOVE SCOPES button.

• Select Scopes to grant your project access to specific types of user information from their Google Account, then scroll down and click on UPDATE button.

• After you've finished adding scopes, click on the SAVE AND CONTINUE option.

• Then, from the left side panel, select the Credentials tab and click the + CREATE CREDENTIALS button.

• When you click the CREATE CREDENTIALS button and choose the OAuth client ID from the drop-down menu.

• Enter the following information in the Create OAuth client ID window:
• Choose Web application from the Application type dropdown menu.
• Name: Enter the Name of your OAuth 2.0 client. (This name is just used to identify the client in the console.)
• Authorised redirect URIs: Click the ADD URI button and paste the previously copied Callback/Redirect URL (From step 1) into the text field.

• Then, click on CREATE button.

Integrating Drupal with Google:

• Navigate to the Google Developer Console.
• Google assigns your app a unique Application ID. Copy the Client ID by clicking the copy Icon in the OAuth client Created box.

• Paste the copied Client ID into the Client ID text field in Drupal's Configure OAuth tab.

• Go back to the Google Apps console and copy the Client secret by clicking on the copy Icon.

• Paste the copied Client secret into the Client Secret text field in Drupal's Configure OAuth tab.


Please confirm the Scope and Endpoints from the table below and click on the Save Configuration button

Scope	email+profile
Authorize Endpoint	https://accounts.google.com/o/oauth2/auth
Access Token Endpoint	https://www.googleapis.com/oauth2/v4/token
Get User Info Endpoint	https://www.googleapis.com/oauth2/v1/userinfo

Test Connection between Drupal and Google:

• Click on the Perform Test Configuration button to test the connection.

• On a Test Configuration popup, if you don't have an active session in Google on the same browser, you'll be prompted to sign in to Google. Once successfully logged in, you'll receive a list of attributes retrieved from Google.
• Select the Email Attribute from the dropdown menu in which the user's email ID is obtained and click on the Done button.

• On the Attribute & Role Mapping tab, please select the Username Attribute from the dropdown list and click on the Save Configuration button.

Please note: Mapping the Email Attribute is mandatory for Single Sign-on.

Congratulations! You have successfully configured Google as OAuth/OpenID Provider and Drupal as an OAuth Client.

How to perform the SSO?

• Now, open a new browser/private window and go to your Drupal site login page.
• Click on the Login using the Google link to initiate the SSO from Drupal.
• If you want to add the SSO link to other pages as well, please follow the steps given in the image below: