2. Setup OAuth

Below information is to set up anyone of the oAuth for Roost Control Plane

Google Auth Client Setup

• Integrating Google Sign-In into your web app  |  Google Sign-In for Websites  |  Google Developers

• Login to https://console.cloud.google.com/apis/credentials

• Create Credentials, Select OAuth Client and Application Type as Web Application

• Add Authorized JavaScript Origin as

  • https://roostapi.roost.io:60001

  • https://<DNS_NAME

  • http://localhost:3000

  • http://localhost:4200

• Add Authorized redirect URIs

  • https://<DNS_NAME>/login

  • https://<DNS_NAME>/api/auth/redirect/google

  • https://roostapi.roost.io:60001/auth/redirect/google

• Download the JSON

• Make a note of the Google Client ID and the Client Secret (It is needed later in the config below)

OKTA Auth Client Setup

• Sign in to your OKTA account with admin privileges (If you do not have an existing Okta account, then sign-up at Home | Okta Developer )

• From the left navigation menu, go to Applications -> Applications.

• Select Create App Integration → OIDC - OpenID Connect → Web Application, then click Next

• Fill in the suitable App integration name, upload the logo.

• Add Sign-in redirect URIs

  • https://<DNS_NAME>/login

  • https://<DNS_NAME>/api/auth/login/okta

  • https://roostapi.roost.io:60001/auth/redirect/okta

• Allow Access to users thru Assignments → Controlled Access

  • Select the groups of users or Allow access to everyone

• Save and Make a note of the Okta Client ID and the Client Secret (It is needed later in the config below)

• From the left navigation menu, go to Security -> API

• Make a note of Issuer URI for default Authorization Server

  • something like https://{your_domain}.okta.com/oauth2/default