====== Google Authentication Plugin ======

---- plugin ----
description: Authentication with Google accounts using OAuth 2.0
author     : Andrew Kornienko
email      : ant@kaula.ru
type       : auth, action
lastupdate : 2014-09-27
compatible : Weatherwax, Binky, Ponder Stibbons, Hrun
depends    : 
conflicts  : 
similar    : 
tags       : authentication, oauth, google, sso

downloadurl: https://github.com/kettari/authgoogle/archive/master.tar.gz
bugtracker : https://github.com/kettari/authgoogle/issues
sourcerepo : https://github.com/kettari/authgoogle
donationurl: # Please send your donations here: https://www.dokuwiki.org/donate

screenshot_img : 
----

===== Description =====

Google Authentication Plugin allows to sign in to DokuWiki using [[https://developers.google.com/accounts/docs/OAuth2Login|OAuth 2.0 protocol provided by Google]].

==== Features ====

  * Uses OAuth 2.0 protocol provided by Google. Does not ask nor store any passwords;
  * Allows to restrict allowed domains and email accounts;
  * Allows to specify additional user groups for users authenticated with this plugin.

===== Installation =====

==== Before you begin ====

:!: **External requirements:** This plugin requires the following additional actions to be done: 
  * Register Google Application at the [[https://cloud.google.com/console/project|Google Developer Console]]

==== Register application at the Google Developer Console  ====

  - Open [[https://cloud.google.com/console/project|Google Developer Console]] in your browser and log in into your Google Account. If you do not have Google Account yet, it is good time to create one.
  - Click **Create project...** (you may see the page like this http://snag.gy/MZaOh.jpg).
  - Fill new project form, give some name and project ID (see http://snag.gy/Ipmxr.jpg).
    * :!: Google may ask you to confirm you contact phone with SMS or callback. "Evil Corporation" define their own rules. It's up to you to decide :)
  - Open menu **APIs & auth** -> **Credentials** (see http://snag.gy/ZuLfU.jpg)
  - Form "**Create Client ID**" will be opened. Fill it:
    * **Application type:** (required) choose "Web application";
    * **Authorized JavaScript Origins** enter your hostname (make sure http or https is the same for both settings). For example: <code>http://www.your-domain.com</code>
    * **Authorized Redirect URIs** enter these lines: <code>
http://www.your-domain.com/doku.php?id=start&do=login
http://www.your-domain.com/start?do=login
http://your-domain.com/doku.php?id=start&do=login
http://your-domain.com/start?do=login
http://www.your-domain.com/doku.php/start?do=login
http://your-domain.com/doku.php/start?do=login
</code> Instead of "your-domain" put your actual hostname where DokuWiki is installed. :!: **Note:** if your DokuWiki is accesed with HTTPS then enter the URI with **https**, not **http**.
  - Click "Create client ID" button.
  - Now you have page with all required information for plugin setup. You will need two values from here: **Client ID** and **Client secret**.
  - Open menu **APIs & auth** -> **Consent screen**.
  - Fill "PRODUCT NAME" and e-mail address as well, or you can get this error http://stackoverflow.com/questions/18677244/error-invalid-client-no-application-name.

==== Plugin installation ====

  - Search and install the plugin using the [[plugin:extension|Extension Manager]]. Refer to [[:Plugins]] on how to install plugins manually.
  - :!: Go to the Settings page and set the "[[config:authtype|Authentication backend]]" to **authgoogle**.
  - Save the settings. 
    * Note: DokuWiki will log you out after this point. You may log in as Administrator with your old account.

===== Examples/Usage =====

Click "Log in" button. Below the main form will appear button "Sign in with Google". Click it, and browser will open Google authentication page. 

Here you can choose Google account for authentication and Google will ask you to approve access to your profile details required for correct logging into DokuWiki. Only name and e-mail is used. 

Please note birthdate, sex and time zone are also included in the provided details — it is standard Google behaviour, though these are not used by plugin.

===== Configuration and Settings =====

All settings are available on the standard DokuWiki "Settings" page:
  * **Allowed email domains:** allowed email addresses and/or domains, separated by space. You can allow only certain domains to be used as authentication provider. For example, corporation "Example" has Google Apps for Business and wants only corporate users to login; also allow CEO to use his home email: "*@example.com ceo_home_example@gmail.com". Default: "*" (all domains, all addresses).
  * **GoogleAPI Client ID** and **GoogleAPI Client Secret**: info generated by Google when you register your application (see [[#Installation]]).
  * **Default groups:** default groups for **new users** separated by space. New user will be assigned these groups. May be useful to assign some specific roles for users authenticated with Google. **ATTENTION:** Overwrites default configuration setting [[config:defaultgroup]] if set. So if you add some group here, probably you want also add default group "user". Default: (empty)

===== Development =====

==== Credits ====

  * Sponsored by [[http://kaula.ru/|School of Kaula Yoga]], contact [[ant@kaula.ru|Andrew Kornienko]] ([[user>ant]]).
  * Developed by [[http://sentryperm.com/|Artyom]], contact [[sentryperm@gmail.com]]

This plugin was developed for corporate use and is licensed the same way as DokuWiki itself.

If you want to contribute, please feel free to contact the sponsor. Source code is available at the GitHub (see links above).

==== Change Log ====

{{rss>https://github.com/kettari/authgoogle/commits/master.atom date}}

==== Known Bugs and Issues ====

Please report bugs and issues here (with label **bug**): [[https://github.com/kettari/authgoogle/issues]].

==== ToDo/Wish List ====

No TODOs yet. To suggest enhancement please refer here (with label **enhancement**): [[https://github.com/kettari/authgoogle/issues]].

===== FAQ =====

  * Q: I've registered Google Application and installed plugin. Clicking "Sign in with Google" button and nothing happens.
  * A: Change the "[[config:authtype|Authentication backend]]" to **authgoogle**.

===== Discussion =====

Please post your questions at the DokuWiki Forum in this topic: [[https://forum.dokuwiki.org/thread/10314]]