Google SSO

Overview

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session.

Prerequisite

Below is the list of parameters that are required to be configured in order for the tenant to integrate Google Sign In.

NameSample ValueDescription
Client ID906946589628-idr2k5srkrl2uuq0n85uur28nv90nc6q.apps.googleusercontent.comClient ID of the partners Google console account
Client Secret7c4BEITQFtFZVtqhLnUN5wgNClient Secret of the partners Google console account
Authorized Domainsgmail.com, gooru.orgList of domains that need to be authorized for this integration. Email addresses outside of these domains will not be able to access.

Gooru will configure SSO access and share client id and secret.

Google Auth

In order to use Google SSO, client application should initiate SSO request by calling GET endpoint as like (this is sample endpoint, it may change):

https://beta.gooru.org/api/nucleus-auth-idp/v1/google?redirectURL=https://beta.gooru.org

Gooru will then redirect the to the issuer / login URL based on the client id passed in the request. If a user is not already logged in at clients application, the login page will be displayed.

Based on the claims received, the user details are verified in Gooru and the user is authenticated. Upon successful authentication, they will be redirected to Gooru homepage.