# Google Identity Integration

In order to add a new identity platform you need to do two things.

1. Register with the identity service on its website and note down the values of the parameters.
2. Using a sample user profile response found on its website, write the code snippet that maps the user profile onto the Trillo Workbench user schema.

## Registering Applications with Google

The steps for registering with an identity service are found on its website. We repeat the Google Identity steps here to explain the concepts, using Google as a sample. Every identity service has similar content based on OIDC standards, although it is organized differently. The current Google Identity documentation may also have changed, but the principle of registration remains the same as described below.

Start the registration from the screen below, which you reach from the page [Configure the OAuth consent screen and choose scopes](https://developers.google.com/workspace/guides/configure-oauth-consent).

### Consent Screen and Entering App Information

<figure><img src="https://3894296373-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MV-642lNorw6_vRdCpS%2Fuploads%2FNqEGC4XHkLrMd3udHUA6%2F2023-12-09_15-22-58.jpg?alt=media&#x26;token=f54ad80e-7fdd-4104-9e6c-76d07554add1" alt=""><figcaption><p>Consent Options</p></figcaption></figure>

After creating the consent screen, you have to configure the OAuth settings for the project. You will provide the following data on the page below.

<figure><img src="https://3894296373-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MV-642lNorw6_vRdCpS%2Fuploads%2FLUHSit6Y8vm9QDEawuEQ%2F2023-12-09_15-23-46.jpg?alt=media&#x26;token=4a2b72aa-b7c4-42fc-aa31-c0324f68efb1" alt=""><figcaption><p>Consent Configuration </p></figcaption></figure>

Once the configuration is complete, the page will look as shown below. You must add one valid email (which can be identified by Google) to confirm that the workbench configuration is working end to end.

### Create authorization credentials

On the credentials screen, click 'Create new credentials' and generate a new 'OAuth client ID'.

<figure><img src="https://3894296373-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MV-642lNorw6_vRdCpS%2Fuploads%2FwmM2YygXg0NEB9gh05BE%2F2023-12-09_15-24-59.jpg?alt=media&#x26;token=5c972efa-4a55-407e-a8d9-d9c7c72cbcd7" alt=""><figcaption><p>OAuth Client ID and Credentials</p></figcaption></figure>

You must provide an authorized redirect URI. The format of this URI will be <https://your-server-name/_oauth2/callback>

Your application client ID and secret will always be shown on the right-hand side of this page.

<figure><img src="https://3894296373-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MV-642lNorw6_vRdCpS%2Fuploads%2F44lQ81rmtc9WnBxtxVbz%2F2023-12-09_15-26-13.jpg?alt=media&#x26;token=71b2755d-58b4-4a77-80e5-7ca8910c8307" alt=""><figcaption><p>Credentials for the Web App</p></figcaption></figure>

### List of Parameters Collected During Registration

During the registration process you will collect the following parameters.

**Authorization URL**: <https://accounts.google.com/o/oauth2/auth>

**Token URL**: <https://oauth2.googleapis.com/token>

**Client ID**: \<client id>

**Client Secret**: \<client secret>

**Redirect URL:** https\://api.\<backend>.trilloapps.com/\_oauth2/callback

**Comma Separate List of Scopes:** openid profile email

**User Profile Registration Required?** checked

**User profile Info URL**: <https://www.googleapis.com/oauth2/v2/userinfo>

**User Info Transformation Function:** GoogleUserProfileMapper

**Post Authentication Redirect Host with Protocol:** https\://\<FrontEnd>.trilloapps.com/cloud/auth

**Logout URL**: <https://accounts.google.com/o/oauth2/logout>

## Writing Mapping Function

The next step is to write the mapping function (before you add the login button to your UI). Google's mapping function is shown below.

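```
import java.util.LinkedHashMap;
import java.util.Map;
// Imports for the Trillo Workbench types (Loggable, TrilloFunction,
// ScriptParameter, Result) are not shown on this page.

public class GoogleUserProfileMapper implements Loggable, TrilloFunction {

  // Entry point: maps the profile and turns any exception into a failed Result.
  public Object handle(ScriptParameter scriptParameter) {
    try {
      return _handle(scriptParameter);
    } catch (Exception e) {
      log().error("Failed", e);
      return Result.getFailedResult(e.getMessage());
    }
  }

  @SuppressWarnings("unchecked")
  private Object _handle(ScriptParameter scriptParameter) {
    // The script parameter value is the identity provider's user profile, as a map.
    Map<String, Object> idpUser = (Map<String, Object>) scriptParameter.getV();
    Map<String, Object> trilloUser = mapUserProfile(idpUser);
    return trilloUser;
  }

  // Copies the Google profile fields onto the Trillo Workbench user schema.
  private Map<String, Object> mapUserProfile(Map<String, Object> idpUser) {
    Object id = idpUser.get("id");
    if (id == null) {
      // "" + null would store the literal string "null" as externalId.
      throw new IllegalArgumentException("User profile has no 'id'");
    }
    Map<String, Object> trilloUser = new LinkedHashMap<String, Object>();
    trilloUser.put("firstName", idpUser.get("given_name"));
    trilloUser.put("lastName", idpUser.get("family_name"));
    trilloUser.put("externalId", id.toString());
    trilloUser.put("pictureUrl", idpUser.get("picture"));
    trilloUser.put("emailAddress", idpUser.get("email"));
    return trilloUser;
  }
}
```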
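
The mapper above copies `email` and `picture` from Google's response as they arrive. The stand-alone class below is an added example (not Trillo Workbench code) of checks a mapper can apply before the profile is stored; `ValidatedGoogleProfileExample`, `mapVerifiedProfile` and `httpsOrNull` are hypothetical names, and the sample response is constructed. It assumes the JSON response was parsed so that `verified_email` arrives as a `Boolean`.

```java
import java.net.URI;
import java.util.LinkedHashMap;
import java.util.Map;

public class ValidatedGoogleProfileExample {
  // Hypothetical helper: same field mapping as the page's mapper, plus checks.
  static Map<String, Object> mapVerifiedProfile(Map<String, Object> idpUser) {
    Object id = idpUser.get("id");
    if (id == null || id.toString().isEmpty()) {
      throw new IllegalArgumentException("userinfo response has no id");
    }
    // Google's v2 userinfo response reports whether the address is verified.
    if (!Boolean.TRUE.equals(idpUser.get("verified_email"))) {
      throw new IllegalArgumentException("email is not verified by Google");
    }
    Map<String, Object> trilloUser = new LinkedHashMap<>();
    trilloUser.put("firstName", idpUser.get("given_name"));
    trilloUser.put("lastName", idpUser.get("family_name"));
    trilloUser.put("externalId", id.toString());
    trilloUser.put("pictureUrl", httpsOrNull(idpUser.get("picture")));
    trilloUser.put("emailAddress", idpUser.get("email"));
    return trilloUser;
  }
  // Keep the picture only if it is an absolute https URL.
  static String httpsOrNull(Object url) {
    if (!(url instanceof String)) return null;
    try {
      URI u = URI.create((String) url);
      boolean ok = "https".equalsIgnoreCase(u.getScheme()) && u.getHost() != null;
      return ok ? (String) url : null;
    } catch (IllegalArgumentException e) {
      return null;
    }
  }
  public static void main(String[] args) {
    // Constructed sample shaped like a v2 userinfo response.
    Map<String, Object> sample = new LinkedHashMap<>(Map.<String, Object>of(
        "id", "100000000000000000001", "email", "alex@example.com",
        "verified_email", true, "given_name", "Alex",
        "family_name", "Example", "picture", "https://example.com/a.png"));
    System.out.println(mapVerifiedProfile(sample));
    sample.put("verified_email", false); // same profile, unverified address
    try {
      mapVerifiedProfile(sample);
    } catch (IllegalArgumentException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```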
