Configure Onyx to use Google OAuth for user authentication, providing a seamless login experience through existing Google accounts. Prerequisites:

Guide

1

Create Google Cloud Project

Navigate to the Google Cloud Console Project Creation page and fill in the required fields.Google Cloud Console Project Creation Page
2

Enable Google People API

Navigate to APIs & Services and find Google People API.Ensure your newly created project is selected in the top bar and click Enable.Google Cloud Console People API Enable Page
3

Create Google Auth Platform

Open the left sidebar and navigate to APIs & ServicesOAuth Consent Screen.Once on the Overview page, click Get Started.Google Cloud Console OAuth Consent Screen Page
4

Configure OAuth Project & Consent Screen

Fill in the App name and User support email fields.Select your Audience. If you have a Google Workspace organization, select Internal. If not, select External.
If you select External, you will need to add your users manually in the Audience tab under Test users.
Fill in any othe required fields and finalize the configuration.
5

Create OAuth Client

Navigate to APIs & ServicesOAuth Consent ScreenClients page.Click ”+ Create Client” and select Web Application.Google Cloud Console OAuth Client Creation Page
6

Configure OAuth Client

Name: OnyxAuthorized JavaScript origins and Authorized redirect URIs depend on your deployment environment.If hosting Onyx locally use:
http://localhost:3000
http://localhost:3000/auth/oauth/callback
If hosting Onyx on a custom domain use:
https://YOUR_ONYX_DOMAIN.com
https://YOUR_ONYX_DOMAIN.com/auth/oauth/callback
Google Cloud Console OAuth Client Creation Page
Make sure the URIs you enter here match the URI you use to access Onyx!
7

Save OAuth Credentials

Click CreateDownload JSON to save the OAuth client credentials. Alternatively, save the Client ID and Client Secret to a password or secrets manager.
8

Configure Onyx

Configure Onyx with the following environment variables in your .env or values.yaml file (Docker and Kubernetes, respectively).
.env
AUTH_TYPE=google_oauth
OAUTH_CLIENT_ID=YOUR_CLIENT_ID
OAUTH_CLIENT_SECRET=YOUR_CLIENT_SECRET

# If you are deploying to a custom domain, you will need to set the `WEB_DOMAIN` environment variable.
WEB_DOMAIN=https://YOUR_ONYX_DOMAIN.com
If you’re using Docker but don’t have a .env file, copy onyx/deployment/docker_compose/env.prod.template to a new .env file in the same directory.
values.yaml
auth:
  secrets:
    OAUTH_CLIENT_ID: <CLIENT_ID_FROM_GOOGLE>
    OAUTH_CLIENT_SECRET:<CLIENT_SECRET_FROM_GOOGLE>
configMap:
  AUTH_TYPE: google_oauth