Setting up the Google Cloud App

Create a google project: https://console.cloud.google.com/projectcreate

Enabling the People API

Enable the Google People API here: https://console.cloud.google.com/apis/library/people.googleapis.com

Be sure to have the right project selected.

Go to APIs & Services on the left hand tab (see image below).

Then select OAuth Consent screen page.

Under OAuth Consent screen select either Internal or External

  • Companies with a Google Workspace should choose Internal
  • Otherwise choose External

On the next page:

  • Provide an app name (can go with Onyx)
  • Provide any email you own (or founders@onyx.app if you want us to handle questions from your Onyx users)
  • Upload the Onyx logo (or leave blank)
  • The Developer contact information can be any email you own (or again, founders@onyx.app)

Leave the optional fields blank

Click SAVE AND CONTINUE

Leave the next two pages for Scopes and Test users blank.

Setting up Credentials

Still under APIs & Services, go to Credentials on the left hand bar

Click on +CREATE CREDENTIALS and choose OAuth client ID

Select Web application then call it Onyx

Add a Authorized JavaScript origins as:

  • http://localhost:3000 for local or replace with https://<WEB_DOMAIN> (e.g. https://www.onyx.app) if setting up for prod.

Add a Authorized redirect URIs as:

  • http://localhost:3000/auth/oauth/callback for local setup or https://<WEB_DOMAIN>/auth/oauth/callback if setting up for prod.

Click CREATE and save the Client ID and Client Secret for use in the next section

Turning on OAuth in Onyx

OAuth is controlled by 3 environment variables, regardless of deployment choice (non-containerized, docker compose, kubernetes). To turn the feature on set:

  • AUTH_TYPE=google_oauth
  • OAUTH_CLIENT_ID=<your client id from above>
  • OAUTH_CLIENT_SECRET=<your client secret from above>
  • If setting up in production, then:
    • WEB_DOMAIN=<your domain including protocol e.g. https://www.onyx.app>

Non Containerized

Simply set the above environment variables when running the different Onyx processes.

  • The backend api server uses the 3 environment variables
  • The frontend hits the api server to determine what user authentication setting is configured and serves the relevant pages.

Docker Compose

Simply set the 4 environment variables in a file called .env under onyx/deployment/docker_compose.

Kubernetes

Kubernetes deployment was designed for production use and assumes that user Auth is a required feature therefore it is on by default. To set up the required values, replace the REPLACE-THIS values in secrets.yaml with thebase64 encoded client ID and client secret from above.

Basic Auth SetupOIDC/SAML Setup