Google Identity Integration

The processing of integrating an IdP has several steps that are common and discussed in the previous chapter. This chapter discusses steps that are specific to the Google Identity.

In order to add a new identity platform you need to do two things.

1. Register with the identity service on its website and note down value of parameters.

2. Using a sample user profile response found on its website, write the code snippet to map the user profile onto Trillo Workbench user schema.

Registering applications Google

The steps of registering with an identity service are found on its website. For the Google Identity, we have repeated here for explaining concepts using it as a sample. Each identity has similar content based on OIDC standards. It is organized differently. The current documentation of the Google Identity too may have changed, but the principle of registration would remain the same as described below.

You will start registering from the screen below navigated from the page, Configure the OAuth consent screen and choose scopes.

Consent Screen and Entering App Information

Consent Options

After creating the consent screen you have to configure the setting for the OAuth for the project. You will be providing the following data on this page below.

Consent Configuration

Once the configuration is complete the page will look as shown below. You must add one valid email (which can be identified by Google) to confirm that the workbench configuration is working end to end.

Create authorization credentials

On the credential screen click 'Create new credentials' and generate a new 'OAuth client ID'

OAuth Client ID and Credentials

You must provide an authorized redirect URI. The format of this URI will be https://your-server-name/_oauth2/callback

Your application client ID and secret will always be shown on the right-hand side of this page.

Credentials for the Web App

List of Parameters Collected During Registration

During the registration process you will collect the following parameters.

Authorization URL: https://accounts.google.com/o/oauth2/auth

Token URL: https://oauth2.googleapis.com/token

Client ID: <client id>

Client Secret: <client secret>

Redirect URL: https://api.<backend>.trilloapps.com/_oauth2/callback

Comma Separate List of Scopes: openid profile email

User Profile Registration Required? checked

User profile Info URL: https://www.googleapis.com/oauth2/v2/userinfo

User Info Transformation Function: GoogleUserProfileMapper

Post Authentication Redirect Host with Protocol: https://<FrontEnd>.trilloapps.com/cloud/auth

Logout URL: https://accounts.google.com/o/oauth2/logout

Writing Mapping Function

The next step is to write the mapping function (before you add login button to your UI). The Google's mapping function is shown below.

public class GoogleUserProfileMapper implements Loggable, TrilloFunction {

  public Object handle(ScriptParameter scriptParameter) {

    try {
      return _handle(scriptParameter);
    } catch (Exception e) {
      log().error("Failed", e);
      return Result.getFailedResult(e.getMessage());
    }
  }

  @SuppressWarnings("unchecked")
  private Object _handle(ScriptParameter scriptParameter) {
    Map<String, Object> idpUser = (Map<String, Object>)scriptParameter.getV();
    Map<String, Object> trilloUser = mapUserProfile(idpUser);
    return trilloUser;
  }
  
  private Map<String, Object> mapUserProfile(Map<String, Object> idpUser) {
    Map<String, Object> trilloUser = new LinkedHashMap<String, Object>();
    trilloUser.put("firstName", idpUser.get("given_name"));
    trilloUser.put("lastName", idpUser.get("family_name"));
    trilloUser.put("externalId", "" + idpUser.get("id"));
    trilloUser.put("pictureUrl", idpUser.get("picture"));
    trilloUser.put("emailAddress", idpUser.get("email"));
    return trilloUser;
 }
}