Go to “IAM and Admin” → “Service Accounts” → “Create Service Account” and set up an account. The two optional steps are not required - skip through them.
In the service account list, click into the newly created account, record the ‘unique id’ for later, then go to the “keys” tab. Create a new key with the “JSON” format and save the file for later.
Go to admin.google.com, and visit the ‘security’ section. Open ‘API Controls’, “Manage Third Party App Access”, then “Add App”, “OAuth App Name or Client ID”. Enter the client ID of your OAuth application, then select it from the list. Run through the steps, making sure to set the application as “Trusted”. It should then appear in the list:
Go back to the ‘API Controls’ section, scroll down, and choose “Manage Domain Wide Delegation”. Choose “Add New”, and enter the client ID of the service account you created earlier. Under scopes, paste the value
In your Discourse admin panel, go to the settings tab and search for ‘google oauth2 hd’. Configure the following settings:
google oauth2 hd: the domain name of your Google Workspace
google_oauth2_hd_groups_service_account_json: paste the contents of the service account key file you generated earlier
google_oauth2_hd_groups_service_account_admin_email: enter the email address of any Google Workspace admin account. This identity will be used by the service account when fetching Google Group information.
google oauth2 hd groups: enabled
Next time a user logs in, Discourse will fetch and store Google Group information behind the scenes.
To link a Google Group to a Discourse group, visit the group config in Discourse, and go to the Manage → Membership section. Under ‘Automatic’, you’ll see a new dropdown which allows you to link any number of Google Groups to the Discourse group:
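As an added example (not part of the original post and not Discourse's own code), a pre-flight check in Python that cross-checks the values collected in the steps above before they are pasted into the Discourse settings. It assumes the usual field names of a Google service account JSON key; the function name `preflight` and all sample values are constructed.

```python
import json

# Fields expected in a Google service account JSON key file.
REQUIRED = ("type", "client_id", "client_email", "private_key", "token_uri")


def preflight(key_json, unique_id, admin_email, hd):
    """Check the values from the steps above against each other.

    key_json    -> google_oauth2_hd_groups_service_account_json
    unique_id   -> the 'unique id' recorded from the service account page
    admin_email -> google_oauth2_hd_groups_service_account_admin_email
    hd          -> google oauth2 hd
    """
    try:
        key = json.loads(key_json)
    except ValueError as exc:
        return [f"ERROR: key is not valid JSON ({exc})"]
    if not isinstance(key, dict):
        return ["ERROR: key JSON is not an object"]

    findings = [f"ERROR: key is missing '{f}'" for f in REQUIRED if not key.get(f)]
    if key.get("type") not in (None, "service_account"):
        findings.append("ERROR: 'type' is not service_account")
    # Domain-wide delegation is granted to this ID, so it must be the one recorded.
    if key.get("client_id") and str(key["client_id"]) != unique_id.strip():
        findings.append("ERROR: client_id differs from the recorded unique id")
    pem = key.get("private_key") or ""
    if pem and not pem.lstrip().startswith("-----BEGIN PRIVATE KEY-----"):
        findings.append("ERROR: private_key is not a PEM block (truncated paste?)")
    # The service account acts as a Workspace admin; it cannot name itself.
    if admin_email.lower() == str(key.get("client_email", "")).lower():
        findings.append("ERROR: admin email is the service account's own address")
    # A Workspace can hold several domains, so this is only a warning.
    if admin_email.rpartition("@")[2].lower() != hd.strip().lower():
        findings.append("WARN: admin email is outside the 'hd' domain")
    return findings


# Constructed sample values; the private key is a placeholder, not a real key.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "client_id": "100000000000000000001",
    "client_email": "discourse-groups@example-project.iam.gserviceaccount.com",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "token_uri": "https://oauth2.googleapis.com/token",
})

if __name__ == "__main__":
    for line in preflight(SAMPLE_KEY, "100000000000000000001", "admin@example.com", "example.com"):
        print(line)
```

The key file is a credential: run the check where the file already lives and do not copy its contents into tickets or chat.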
Hi Charlie, the google oauth2 hd is from Google OIDC API (docs here). They say it is:
The domain associated with the Google Workspace or Cloud organization of the user
To give an example, if I was setting this up internally for our staff, I would set the value to discourse.org.
Yup!
Google groups will only appear in Discourse once a member of that group signs in to Discourse using Google. We don’t have any system for listing them up-front.
@david I finally got it to work. I had to turn some things off. The way my site was set up, users were auto-logged in through Google OAuth. I turned that off and Discourse Connect and it worked. Unsure as to which was creating a disconnect. Once I physically logged in with Google, everything populated.
Like @John_Faig, I’m wondering if this is still experimental.
I just saw this feature and have three Google Groups that I’d like to migrate. Getting people to “change” is extremely difficult. We need good reasons to shift out of our comfort zone. Then we don’t want stumbling blocks in the process. Creating a (Discourse) login in yet another website is a hassle for people who are already vested in GG. If this feature is stable, the potential stumbling block is removed, and we can focus on providing compelling reasons for the audience to migrate.