Configuring Google login for Discourse

codinghorror · 2018-12-21 02:24:27 UTC

Very good, @jomaxro can you make a note to check back on that over time?

jomaxro · 2018-12-21 02:42:16 UTC

Certainly. We just got the email mentioned above - I’ll keep an eye on that issue Falco posted.

Shane_Liebling · 2018-12-23 00:26:05 UTC

Reminder: the shutdown got bumped to April and IIRC Jan 28 is when they will start deprecating parts of the API.

Nichalas_Petranek · 2018-12-24 04:03:47 UTC

I should add as a very important note that if you’re not the owner of the domain in which the Google sign in will be used, the feature will not work until ownership verification is provided by one of the following methods:

The domain owner adds you as a contributor and you are able to login, through Google’s processes, using your own credentials on the domain provider’s website.
The domain owner adds a TXT record containing a verification token given to you by Google.

I learned this the hard way just yesterday as an admin for my forum.

In case you had questions...

If you’re wondering why I’m not the owner of the domain for my forum, I wasn’t the one that initially setup the forum. At the time, I had someone that knew what they were doing get it started and I was added as an admin for customising Discourse with plugins and theme components. Its wasn’t until I took the initiative to configure a few technical things that were holding our forum back from expanding that I became a contributor to the forum domain.

RBoy · 2018-12-27 18:57:57 UTC

Could you explain this a little more? Is this similar to how Google Analytics verifies if the person generating the Google API key is the owner for the domain?

dltj · 2018-12-30 01:33:29 UTC

A fix for this was merged a few hours ago. Thanks in advance for your work getting this into Discourse.

jomaxro · 2018-12-30 02:44:07 UTC

Yep, thanks. Saw the commit. Nothing is going to happen over the weekend…

I’ll see if perhaps we can update the gem on the ember3 branch so we can test this on Meta and update the guide if needed before rolling out the change everywhere. @joffreyjaffeux, throughts?

jomaxro · 2018-12-31 20:02:15 UTC

We attempted to bump the omniauth-google-oauth2 gem today, unfortunately other dependencies had to be updated as well, which broke other parts of Discourse. Reverting the change for now, will be trying again Wednesday when I can work with an engineer.

david · 2019-01-02 16:15:57 UTC

omniauth-google-oauth2 has now been bumped to the latest version, and I’ve updated discourse-openid-connect to work with the new version of ruby-jwt.

The change is live here, and google login is still working well

dltj · 2019-01-02 14:22:50 UTC

Just confirming: there are no configuration changes or user-facing differences when using the new API? Discourse users who already used Google as an authentication mechanism are unaffected? As a Discourse admin, I don’t need to do anything with the app definition on Google’s developer site?

david · 2019-01-02 14:43:45 UTC

Correct, there are no changes required. I did not make any changes to Meta’s configuration for this change today.

The only tiny change is that you no longer need to set up the “Google+ API” when configuring the OAuth credentials. I’ve just removed that step from the instructions here. If you really want to, you can go into your google cloud console and completely disable the “Google+” API.

dltj · 2019-01-02 15:24:30 UTC

Most excellent. Thank you for your efforts, @david.

ElForoViajero · 2019-02-05 08:08:58 UTC

Hi,

I’ve received an email from google with the following info:

What do I need to know?

On March 7, 2019, all Google+ APIs and Google+ Sign-in will be shut down completely. This will be a progressive shutdown, with API calls starting to intermittently fail as early as January 28, 2019, and OAuth requests for Google+ scopes starting to intermittently fail as early as February 15, 2019.

What do I need to do?

Please update your projects listed below by March 7, 2019 and ensure they are no longer using Google+ APIs, or requesting Google+ OAuth scopes. The data below shows which Google+ API methods your projects have recently called, as well as Google+ OAuth scopes it has requested.

did someone else changed from google+ to sign in?

jomaxro · 2019-02-04 17:22:47 UTC

There’s nothing you need to do here. We updated Discourse to support the current Google authentication standard. All you need to do is ensure your instance is up to date. As @david said: