> For the complete documentation index, see [llms.txt](https://trillo.gitbook.io/trillo-workbench/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://trillo.gitbook.io/trillo-workbench/openid-connect-oidc-for-identity/google-identity-integration.md).

# Google Identity Integration

In order to add a new identity platform you need to do two things.

1. Register with the identity service on its website and note down value of parameters.
2. Using a sample user profile response found on its website, write the code snippet to map the user profile onto Trillo Workbench user schema.

## Registering applications Google

The steps of registering with an identity service are found on its website. For the Google Identity, we have repeated  here for explaining concepts using it as a sample. Each identity has similar content based on OIDC standards. It is organized differently. The current documentation of the Google Identity too may have changed, but the principle of registration would remain the same as described below.

You will start registering from the screen below navigated from the page, [Configure the OAuth consent screen and choose scopes.](https://developers.google.com/workspace/guides/configure-oauth-consent)

### Consent Screen and Entering App Information

<figure><img src="/files/l5sB0EvxbFQ6IDrfa9Cc" alt=""><figcaption><p>Consent Options</p></figcaption></figure>

After creating the consent screen you have to configure the setting for the OAuth for the project. You will be providing the following data on this page below.

<figure><img src="/files/HKFQGBU9SojGrJM0INU4" alt=""><figcaption><p>Consent Configuration </p></figcaption></figure>

&#x20;Once the configuration is complete the page will look as shown below. You must add one valid email (which can be identified by Google) to confirm that the workbench configuration is working end to end.

### Create authorization credentials

On the credential screen click 'Create new credentials' and generate a new 'OAuth client ID'

<figure><img src="/files/pD5eMWwr7llCQKNNGISv" alt=""><figcaption><p>OAuth Client ID and Credentials</p></figcaption></figure>

You must provide an authorized redirect URI.  The format of this URI will be <https://your-server-name/\\_oauth2/callback>

Your application client ID and secret will always be shown on the right-hand side of this page.

<figure><img src="/files/nIuyRXzNftUnm9p80IQQ" alt=""><figcaption><p>Credentials for the Web App</p></figcaption></figure>

### List of Parameters Collected During Registration

During the registration process you will collect the following parameters.

**Authorization URL**: <https://accounts.google.com/o/oauth2/auth>

**Token URL**: <https://oauth2.googleapis.com/token>

**Client ID**: \<client id>

**Client Secret**: \<client secret>

**Redirect URL:** <https://api.\\><backend>.trilloapps.com/\_oauth2/callback

**Comma Separate List of Scopes:** openid profile email

**User Profile Registration Required?** checked

**User profile Info URL**: <https://www.googleapis.com/oauth2/v2/userinfo>

**User Info Transformation Function:** GoogleUserProfileMapper

**Post Authentication Redirect Host with Protocol:** https\://\<FrontEnd>.trilloapps.com/cloud/auth&#x20;

**Logout URL**: <https://accounts.google.com/o/oauth2/logout&#x20>;

## Writing Mapping Function

The next step is to write the mapping function (before you add login button to your UI). The Google's mapping function is shown below.

```
public class GoogleUserProfileMapper implements Loggable, TrilloFunction {

  public Object handle(ScriptParameter scriptParameter) {

    try {
      return _handle(scriptParameter);
    } catch (Exception e) {
      log().error("Failed", e);
      return Result.getFailedResult(e.getMessage());
    }
  }

  @SuppressWarnings("unchecked")
  private Object _handle(ScriptParameter scriptParameter) {
    Map<String, Object> idpUser = (Map<String, Object>)scriptParameter.getV();
    Map<String, Object> trilloUser = mapUserProfile(idpUser);
    return trilloUser;
  }
  
  private Map<String, Object> mapUserProfile(Map<String, Object> idpUser) {
    Map<String, Object> trilloUser = new LinkedHashMap<String, Object>();
    trilloUser.put("firstName", idpUser.get("given_name"));
    trilloUser.put("lastName", idpUser.get("family_name"));
    trilloUser.put("externalId", "" + idpUser.get("id"));
    trilloUser.put("pictureUrl", idpUser.get("picture"));
    trilloUser.put("emailAddress", idpUser.get("email"));
    return trilloUser;
 }
}
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://trillo.gitbook.io/trillo-workbench/openid-connect-oidc-for-identity/google-identity-integration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.