Configuring Flipt to enable login with Google via OIDC
require authentication
config.yml
config.yml in the current directory.
This file will tell Flipt to increase its logging level to the maximum to aid in debugging.
It will also set authentication as required = true.
This is needed to ensure that Flipt enforces authentication on its APIs, so that callers must provide a credential of some sort to gain access.
config.yml file into the running container.
This will start Flipt as a process in the foreground of your current terminal session.
You can stop Flipt by entering ctrl+C.
This particular command forwards your localhost port 8080 into the container’s localhost port 8080.
The 8080 port is the default for Flipt’s HTTP service and can be changed via the server configuration parameter.
openid.
You can additionally choose to support both:
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
internal or external. We recommend internal, as that way only your internal Google Workspace users can access Flipt.
+ Create Credentials.
OAuth client ID type and you will be taken to an input form (like the one below).
Select the Web application option when prompted to select an Application type.
Once selected you will be presented with more input options.
Web application
Flipt (something to identify the purpose of the credentials)
+ ADD URI.
Don’t get this confused with Authorized JavaScript origins.
This will present us with an input box which we will populate with the following value:
http://localhost:8080/auth/v1/method/oidc/google/callback is the redirect URL for your local running instance.
In a production environment, you would replace the domain part of the URI with the public address of your Flipt instance.
Create.
google provider to config.yml
config.yml we created in the beginning of the guide.
Now we’re going to update your configuration with the details we obtained from Google.
The configuration below does the following for Flipt:
google
oidc method, and it has a section called providers.
Each key beneath the providers section is unique and can be whatever you want.
However, the name is important as it affects the redirect_url generated for the particular provider.
If you change this provider name from google to something else, then you will need to update your OAuth client details in Google Cloud.
For example, changing it from google to gcp would result in the redirect URI changing like so:
issuer_url, client_id, client_secret and redirect_address.
The scopes section is optional, and allows Flipt to obtain additional details on the authenticating caller (e.g. email and profile picture).
Login with Google you should be navigated away to your Google consent screen.
Once you grant consent, you should return to Flipt and be logged into Flipt.
localhost.
You’re going to host it on some domain name on the public internet or within a VPN.
A few touch points will need to be updated with your new domain. For example, consider the domain https://flipt.internal.dev.
domain and provider redirect_address
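The following check is an added example, not part of the Flipt documentation. It derives the callback URI from redirect_address and the provider key, using the path pattern of the callback URI shown earlier, and reports where a renamed provider or a new domain no longer agrees with what is registered on the OAuth client. The function names, the registered_uris input and the rule that the session domain should name the same host as redirect_address are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Path pattern taken from the callback URI shown on this page.
CALLBACK_PATH = "/auth/v1/method/oidc/{provider}/callback"
LOCAL_HOSTS = {"localhost", "127.0.0.1"}


def callback_uri(redirect_address: str, provider: str) -> str:
    """Build the redirect URI for one key under the oidc providers section."""
    return redirect_address.rstrip("/") + CALLBACK_PATH.format(provider=provider)


def audit_provider(provider, redirect_address, session_domain, registered_uris):
    """Return findings for one provider; an empty list means the values agree.

    registered_uris: the Authorized redirect URIs entered for the OAuth client
    (hypothetical input, copied by hand from the Google Cloud console).
    """
    findings = []
    expected = callback_uri(redirect_address, provider)
    # Google compares redirect URIs as exact strings, so a renamed provider
    # key or a new domain has to be registered again.
    if expected not in registered_uris:
        findings.append(f"not registered with the OAuth client: {expected}")

    url = urlsplit(redirect_address)
    host = url.hostname or ""
    if url.scheme != "https" and host not in LOCAL_HOSTS:
        findings.append(f"redirect_address is not HTTPS: {redirect_address}")

    # Assumption: the session domain should name the same host as
    # redirect_address (an optional :port suffix is ignored).
    domain_host = session_domain.split(":")[0].lower()
    if domain_host != host:
        findings.append(f"session domain {session_domain!r} does not match host {host!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample values: the OAuth client still lists only the local URI.
    registered = ["http://localhost:8080/auth/v1/method/oidc/google/callback"]
    for args in [("google", "http://localhost:8080", "localhost:8080"),
                 ("gcp", "http://localhost:8080", "localhost:8080"),
                 ("google", "https://flipt.internal.dev", "localhost:8080")]:
        print(args, audit_provider(*args, registered))
```
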
client_secret or your CSRF key) into a configuration file.
Flipt supports defining configuration in its YAML file and as environment variables.
Check out our Configuration: Environment Variables section for details on how to provide configuration as environment variables.
As a quick example, both the Google provider client_secret and the CSRF signing key can be presented to Flipt like so: