This package is included with pub-server. It can be activated by including it as a theme on the command line or in pub-config
.
pub -t pub-pkg-google-oauth
pub-pkg-google-oauth requires the client ID and a client secret to be specified as environment variables GID
and GCS
respectively.
export GID={client_ID}
export GCS={client_secret}
oauth requires an endpoint for the protocol to redirect to after authenticating. In addition, google will not allow a site to authenticate with oauth unless the site has been registered as a "javascript origin".
If you are using heroku, you can use your heroku app URL for this.
If you are running on your own machine over a local area network (or on wifi), you will need to configure a tunnel service like localtunnel or ngrok so that your server can be reached from the Internet.
npm install -g localtunnel
lt --port 3001 --subdomain {yourname}
In either case, once you know your app URL, you can configure pub-server and pub-pkg-google-auth to use it by
setting the APP
environment variable. E.g.
export APP=https://{yourname}.localtunnel.me
- use the google developers console and create project if you don't already have one
- under
Credentials
, create a new Client ID (type Web Application) - set the
Javascript origin
to match your app URL - set the
Redirect URI
to{your app url}/server/auth/google/callback
- note the new Client ID and Client secret
ACLs are configured using environment variables ACL_ADMIN
, ACL_EDIT
, and ACL_READ
.
These contain comma-separated lists of users.
E.g. To grant yourself admin rights, and 3 other users read access:
export ACL_ADMIN={your-email}
export ACL_READ={email-1},{email-2},{email-3}
You can also open public/anonymous access to non-protected pages by running pub -P
or setting opts.publicPages
- make sure you have set environment variables
GID
,GCS
,APP
, andACL_ADMIN
(or some otherACL_
) - start localtunnel or similar service
- start pub-server with google oauth
$ pub -t pub-pkg-google-oauth
-
now point your browser to https://{yourname}.localtunnel.me
-
when running with auth, the default behavior is to require authentication for all pages
-
if all is well you will then be able to read the markdown page in the directory where
pub
was launched. -
if you have not configured the access properly for this email you will see another login prompt
Set environment variable DISABLE_AUTH to run pub-server without authentication when this package is included.
- the heavy lifting in this package is done by passport and passport-google-oauth