Search Results :

×

Google Drupal SSO Login integration using OAuth / OpenID connect


Google Drupal OAuth / OpenID Connect integration enables SSO between the Drupal site and Google. This setup guide helps in configuring Single Sign-On (SSO) between the Drupal site and Google using the OAuth/OpenID Connect module. This module is compatible with Drupal 7, Drupal 8, Drupal 9, and Drupal 10. When you incorporate the OAuth / OpenID Connect module with the Drupal site, you can log into the Drupal site seamlessly with the Google credentials.

Installation Steps:


  • Download the module:
    composer require 'drupal/miniorange_oauth_client'
  • Navigate to Extend menu on your Drupal admin console and search for miniOrange OAuth Client Configuration using the search box.
  • Enable the module by checking the checkbox and click on the Install button.
  • You can configure the module at:
    {BaseURL}/admin/config/people/miniorange_oauth_client/config_clc
  • Install the module:
    drush en drupal/miniorange_oauth_client
  • Clear the cache:
     drush cr
  • You can configure the module at:
    {BaseURL}/admin/config/people/miniorange_oauth_client/config_clc
  • Navigate to Extend menu on your Drupal admin console and click on Install new module.
  • Install the Drupal OAuth & OpenID Connect Login - OAuth2 Client SSO Login module either by downloading the zip or from the URL of the package (tar/zip).
  • Click on Enable newly added modules.
  • Enable this module by checking the checkbox and click on install button.
  • You can configure the module at:
    {BaseURL}/admin/config/people/miniorange_oauth_client/config_clc

Set up Drupal as an OAuth Client:

  • After installing the module, navigate to the Configuration -> miniOrange OAuth Client Configuration -> Configure OAuth tab and select Google from the Select Application dropdown list.
  • Copy the Callback/Redirect URL and keep it handy.

    Note: If your provider only supports HTTPS Callback/Redirect URLs and you have an HTTP site, please make sure to enable the 'Enforce HTTPS Callback URL' checkbox at the bottom of the tab.

  • In the Display Name text field, enter the application name. For example, Google Apps
  • Drupal OAuth Client - Configure OAuth tab Select Google and copy the Callback URL

Configure SSO Application in Google:

  • Log in to the Google Developer Administrator console.
  • Select a project from the left side's top header.
  • Google Apps SSO Select Project
  • On the Select a project popup, click on the NEW PROJECT button to create a new project or choose one of the current ones to continue.
  • Google Apps SSO Create a New Project
  • In the New Project panel, enter the following information:
    • Enter the name of your project into the Project name text field.
    • Click on CREATE button to create the project.
    • Google Apps SSO Project Name Field
  • From the left navigation panel, click on APIs & Services, then Credentials.
  • Google Apps SSO Select APIs and Services then credentials
  • Click the CREATE CREDENTIALS button, and select OAuth client ID from the list of options.
  • Google Apps SSO - Click on Create Credentials button
  • If you get a warning that says, To create an OAuth Client ID, you must first set a product name on the consent screen (as shown in the image below), ignore it. Click on the CONFIGURE CONSENT SCREEN button.
  • Google Apps SSO - Click on the CONFIGURE CONSENT SCREEN
  • On the OAuth consent screen window, choose how you want to configure and register your app, select the User Type and click on CREATE button.
  • Google Apps SSO - Select User Type and Click the Create
  • Enter the following information in the Edit app registration window:
    • On the OAuth consent screen step 1, fill out the following information under App information:
      • In the App name text field, enter the name of the application.
      • Enter your email address in the User support email text field so that people can contact you with queries concerning their consent.
      • In the Developer contact information text field, type in the email address. (Its email addresses are essential for Google to notify you of any changes to your project.)
      • Google Apps SSO - Under OAuth consent screen, enter required information
    • Then, click on SAVE AND CONTINUE button.
  • On the Scopes screen, click on the ADD OR REMOVE SCOPES button.
  • Google Apps SSO - click ADD OR REMOVE SCOPES
  • Select Scopes to grant your project access to specific types of user information from their Google Account, then scroll down and click on UPDATE button.
  • Google Apps SSO - Select Scope
  • After you've finished adding scopes, click on the SAVE AND CONTINUE option.
  • Google Apps SSO Click on Save and Continue button
  • Then, from the left side panel, select the Credentials tab and click the + CREATE CREDENTIALS button.
  • Google Apps SSO select Credentials and click create credentials
  • When you click the CREATE CREDENTIALS button and choose the OAuth client ID from the drop-down menu.
  • Google Apps SSO click Credentials and select OAuth client ID
  • Enter the following information in the Create OAuth client ID window:
    • Choose Web application from the Application type dropdown menu.
    • Name: Enter the Name of your OAuth 2.0 client. (This name is just used to identify the client in the console.)
    • Authorised redirect URIs: Click the ADD URI button and paste the previously copied Callback/Redirect URL (From step 1) into the text field.
    • Google Apps SSO - In the Create OAuth client ID window, enter required information
  • Then, click on CREATE button.

Integrating Drupal with Google:

  • Navigate to the Google Developer Console.
  • Google assigns your app a unique Application ID. Copy the Client ID by clicking the copy Icon in the OAuth client Created box.
  • Google Apps - In OAuth clien Created popup, copy client ID
  • Paste the copied Client ID into the Client ID text field in Drupal's Configure OAuth tab.
  • Drupal OAuth OpenID Single Single On Paste Client ID
  • Go back to the Google Apps console and copy the Client secret by clicking on the copy Icon.
  • Google Apps console - Copy the Client Secret
  • Paste the copied Client secret into the Client Secret text field in Drupal's Configure OAuth tab.
  • Drupal OAuth single sign-on SSO - Paste Client secret

    Please confirm the Scope and Endpoints from the table below and click on the Save Configuration button

    Scope email+profile
    Authorize Endpoint https://accounts.google.com/o/oauth2/auth
    Access Token Endpoint https://www.googleapis.com/oauth2/v4/token
    Get User Info Endpoint https://www.googleapis.com/oauth2/v1/userinfo

Test Connection between Drupal and Google:

  • Click on the Perform Test Configuration button to test the connection.
  • Drupal OAuth OpenID Single Single On Click on Perform Test Configuration
  • On a Test Configuration popup, if you don't have an active session in Google on the same browser, you'll be prompted to sign in to Google. Once successfully logged in, you'll receive a list of attributes retrieved from Google.
  • Select the Email Attribute from the dropdown menu in which the user's email ID is obtained and click on the Done button.
  • Drupal OAuth OpenID Single Single On - Google Apps Attribute list
  • On the Attribute & Role Mapping tab, please select the Username Attribute from the dropdown list and click on the Save Configuration button.
  • drupal OAuth OpenID Single Single On Select Username Attribute from Attribute and Role Mapping tab

Please note: Mapping the Email Attribute is mandatory for Single Sign-on.

Congratulations! You have successfully configured Google as OAuth/OpenID Provider and Drupal as an OAuth Client.

How to perform the SSO?

  • Now, open a new browser/private window and go to your Drupal site login page.
  • Click on the Login using the Google link to initiate the SSO from Drupal.
  • If you want to add the SSO link to other pages as well, please follow the steps given in the image below:
  • Drupal OAuth OpenID Single Single-On - Add login link into different page of the Drupal site

Need Assistance?

If you face any issues during the configuration or if you want some additional features, please contact us at drupalsupport@xecurify.com.

Additional Features:

Troubleshooting:

Getting error: ‘Username not received. Check your Attribute Mapping configuration.’ OR Getting Error: ‘Email not received. Check your Attribute Mapping configuration.’
 

Follow the steps mentioned HERE

I am getting “Client Credentials were not found in the headers or body” when I try to perform test configuration
 

Follow the steps mentioned HERE

After I click on the logout in Drupal, it sends me back to the Drupal homepage. However, when I try to login with other user, it doesn’t ask me to login but automatically logs me in with same user
 

The logout functionality you’ve mentioned here is the default behavior of a module. It’s logging you out of Drupal but not from your Application/Provider. To allow the module to logout from your provider/application account (what you are looking for), you need to make the below configurations: [know more]

I purchased the paid Drupal module and replaced it with the free module, but still I am not able to use paid features.
 

As you have upgraded to one of our paid versions of the Drupal module and replaced the free module with the paid one, you must first activate the paid module. Please refer to the below steps. [Know more]

Frequently Asked Questions (FAQ)
 

[Know more]

 Case Studies
miniOrange has successfully catered to the use cases of 400+ trusted customers with its highly flexible/customizable Drupal solutions. Feel free to check out some of our unique case studies using this link.
 Other Solutions
Feel free to explore other Drupal solutions that we offer here. The popular solutions used by our trusted customers include Two Factor Authentication - 2FA, Website Security, REST & JSON API Authentication, User Provisioning and Sync. 
  24*7 Active Support
The Drupal developers at miniOrange offer quick and active support for your queries. We can assist you from choosing the best solution for your use case to deploying and maintaining the solution.
Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com