Google OAuth

When enabled then Google OAuth is displayed as an alternative login method at the SpectX login screen. Selecting the OAuth icon initiates OAuth on the same login screen.

To set up OAuth the user identity (email address) must be registered as a SpectX user. If SpectX does not find a matching user in its user database and automatic creation of user accounts is disabled then the user interaction flow falls back to the default authentication scheme via the login screen.

To enable Google OAuth authentication to obtain OAuth 2.0 web application credentials from Google

  1. Create new project “SpectX” by selecting “Create a new project” from the project drop-down
  2. Create new OAuth 2.0 credentials:
    • Select Credentials on the sidebar, then select the “OAuth consent” screen tab. Choose an Email Address, specify the Product name, and press Save.
    • Navigate to the “Create credentials” tab and select “OAuth client ID” from the “Create credentials” dropdown list.
    • Under “Application type”, select “Web application”, then specify the name of the users OAuth client ID.
    • Set the fully qualified URI of your SpectX instance or its frontend server in “Authorised redirect URIs” (e.g. http://spectx.domain.com:8388/). Specify the same URI as the wgui.googleOAuth.redirectUri configuration parameter.
    • “Create”.
  3. Register generated OAuth credentials in $SX_HOME/sxConf.json by setting the values for the client ID and client secret from the “OAuth client” popup as values for wgui.googleOAuth.clientId and wgui.googleOAuth.clientSecret. If the SpectX users are members of Google-hosted domains, Admins can facilitate additional access control to SpectX by specifying a comma-separated list of corresponding domain names as a value for the wgui.googleOAuth.hostedDomains parameter.

Example SpectX configuration excerpt:

...
    wgui.googleOAuth.clientId=123456789023-xcafebebeabcdefghklmnopqrstuxwz.apps.googleusercontent.com
    wgui.googleOAuth.clientSecret=GoOGlEaUtHeNtIcAtIoNcLiEnTsEcReT
    wgui.googleOAuth.redirectUri=http://spectx.domain.com:8388/
    wgui.googleOAuth.hostedDomains=my-company.com
...

Restart the server and the OAuth set up process is complete. Remember to register Google user identities in SpectX user database (see Managing Users and Groups). Alternatively, enable automatic user account creation by enabling the following configuration parameters:

  • wgui.googleOAuth.autoCreateAccount - boolean setting enabling automatic creation of user accounts in SpectX user database when they first log into SpectX with given authentication method. This feature is off by default

  • wgui.googleOAuth.autoCreateApiKey - boolean setting enabling automatic creation of SpectX API key for user accounts which get created automatically when they first log into SpectX with given authentication method. The setting is ignored if wgui.googleOAuth.autoCreateAccount is not set to true. The default value for this setting is false.