A Magda Authentication Plugin for Google
Requires MAGDA version 0.0.58 or above.
To deploy the authentication plugin with your MAGDA instance, please check MAGDA Gateway Helm Chart Document.
- Add the auth plugin as a Helm Chart Dependency
- name: magda-auth-google
version: "2.0.0" # or put the latest version number here
repository: "oci://ghcr.io/magda-io/charts"Since v2.0.0, we use Github Container Registry as our official Helm Chart & Docker Image release registry.
- Config the auth plugin with googleClientId:
magda-auth-google:
googleClientId: xxxxxx- Config Gatway to add the auth plugin to Gateway's plugin list (More details see here)
gateway:
authPlugins:
- key: "google"
baseUrl: http://magda-auth-google- Create a secret
oauth-secretsin your deployment Magda namespace with the correct value forgoogle-client-secretkey
-
Open Google Cloud Console
-
Go to
Credentials (APIs and Services) -
Create an OAuth 2.0 Client IDs
The Authorised redirect URIs should be: https://my-magda.com/auth/login/plugin/google/return
Here my-magda.com is the domain you serve magda from. It should match helm chart config global.externalUrl.
Homepage: https://github.com/magda-io/magda-auth-google
Kubernetes: >= 1.14.0-0
| Repository | Name | Version |
|---|---|---|
| oci://ghcr.io/magda-io/charts | magda-common | 2.1.1 |
| Key | Type | Default | Description |
|---|---|---|---|
| authPluginConfig.authenticationMethod | string | "IDP-URI-REDIRECTION" |
The authentication method of the plugin. Support values are:
|
| authPluginConfig.iconUrl | string | "/icon.svg" |
the display icon URL of the auth plugin. |
| authPluginConfig.key | string | "google" |
the unique key of the auth plugin. Allowed characters: [a-zA-Z0-9-] |
| authPluginConfig.loginFormExtraInfoContent | string | "" |
Optional; Only applicable when authenticationMethod = "PASSWORD". If present, will displayed the content underneath the login form to provide extra info to users. e.g. how to reset password Can support content in markdown format. |
| authPluginConfig.loginFormExtraInfoHeading | string | "" |
Optional; Only applicable when authenticationMethod = "PASSWORD". If present, will displayed the heading underneath the login form to provide extra info to users. e.g. how to reset password |
| authPluginConfig.loginFormPasswordFieldLabel | string | "Password" | Optional; Only applicable when authenticationMethod = "PASSWORD". |
| authPluginConfig.loginFormUsernameFieldLabel | string | "Username" | Optional; Only applicable when authenticationMethod = "PASSWORD". |
| authPluginConfig.name | string | "Google" |
the display name of the auth plugin. |
| authPluginConfig.qrCodeAuthResultPollUrl | string | "" |
Only applicable & compulsory when authenticationMethod = "QR-CODE". The url that is used by frontend to poll the authentication processing result. See Authentication Plugin Specification for more details |
| authPluginConfig.qrCodeExtraInfoContent | string | "" |
Only applicable & compulsory when authenticationMethod = "QR-CODE". If present, will displayed the content underneath the login form to provide extra info to users. e.g. how to download moile app to scan the QR Code. Can support content in markdown format. |
| authPluginConfig.qrCodeExtraInfoHeading | string | "" |
Only applicable & compulsory when authenticationMethod = "QR-CODE". If present, will displayed the heading underneath the QR Code image to provide extra instruction to users. e.g. how to download moile app to scan the QR Code |
| authPluginConfig.qrCodeImgDataRequestUrl | string | "" |
Only applicable & compulsory when authenticationMethod = "QR-CODE". The url that is used by frontend client to request auth challenge data from the authentication plugin. See Authentication Plugin Specification for more details |
| authPluginRedirectUrl | string | nil |
the redirection url after the whole authentication process is completed. Authentication Plugins will use this value as default. The following query paramaters can be used to supply the authentication result:
global.authPluginRedirectUrl. Unless you want to have a different value only for this auth plugin, you shouldn't set this value. |
| autoscaler.enabled | bool | false |
turn on the autoscaler or not |
| autoscaler.maxReplicas | int | 3 |
|
| autoscaler.minReplicas | int | 1 |
|
| autoscaler.targetCPUUtilizationPercentage | int | 80 |
|
| defaultAdminUserId | string | "00000000-0000-4000-8000-000000000000" |
which system account we used to talk to auth api The value of this field will only be used when global.defaultAdminUserId has no value |
| defaultImage.imagePullSecret | bool | false |
|
| defaultImage.pullPolicy | string | "IfNotPresent" |
|
| defaultImage.repository | string | "ghcr.io/magda-io" |
|
| global | object | {"authPluginAllowedExternalRedirectDomains":[],"authPluginRedirectUrl":"/sign-in-redirect","externalUrl":"","image":{},"rollingUpdate":{}} |
only for providing appropriate default value for helm lint |
| global.authPluginAllowedExternalRedirectDomains | list | [] |
By default, at end of authentication process, an auth plugin will never redirect the user to an external domain, even if authPluginRedirectUrl is configured to an URL with an external domain. Unless an external domain is added to the whitelist i.e. this authPluginAllowedExternalRedirectDomains config, any auth plugins will always ignore the domain part of the url (if supplied) and only redirect the user to the URL path under the current domain. Please note: you add a url host string to this list. e.g. "abc.com:8080" |
| googleClientId | string | nil |
Google Client Id. You must provide this value to make this plugin work Besides, this id. You also need to provide googleClientSecret via secret oauth-secrets (key: google-client-secret). You can use Magda Create Secret Tool to create this secret. |
| image.name | string | "magda-auth-google" |
|
| replicas | int | 1 |
no. of initial replicas |
| resources.limits.cpu | string | "50m" |
|
| resources.requests.cpu | string | "10m" |
|
| resources.requests.memory | string | "30Mi" |