coryHawkvelt/gatehouse-api
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

google login works

Browse Source
This commit is contained in:
Cory Hawklvelt
2026-01-21 03:09:46 +10:30
parent 4cf4a27c9a
commit ae2421763a
8 changed files with 2744 additions and 173 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/README.md
+340
View File
@@ -0,0 +1,340 @@
# Gatehouse Scripts
This directory contains utility scripts for managing and configuring Gatehouse.
## OAuth Provider Configuration Script
The [`configure_oauth_provider.py`](configure_oauth_provider.py:1) script allows administrators to easily configure OAuth providers at the application level.
### Overview
This script manages application-wide OAuth provider configurations using the new [`ApplicationProviderConfig`](../gatehouse_app/models/authentication_method.py:99) architecture. Unlike the deprecated organization-specific configuration, this allows users to authenticate with OAuth providers without needing to specify an organization first.
### Prerequisites
- Python 3.8+
- Virtual environment with dependencies installed
- Flask app must be properly configured (`.env` or environment variables)
### Quick Start
```bash
# Activate virtual environment
cd gatehouse-api
source .venv/bin/activate
# Create Google OAuth configuration
python scripts/configure_oauth_provider.py create google \
--client-id "YOUR_CLIENT_ID" \
--client-secret "YOUR_CLIENT_SECRET" \
--redirect-url "http://localhost:5173/auth/callback"
# List all configured providers
python scripts/configure_oauth_provider.py list
# Show provider details
python scripts/configure_oauth_provider.py show google
```
### Commands
#### `create` - Create a New Provider
Create a new OAuth provider configuration at the application level.
```bash
python scripts/configure_oauth_provider.py create PROVIDER [OPTIONS]
```
**Arguments:**
- `PROVIDER`: Provider type (google, github, microsoft)
**Options:**
- `--client-id TEXT`: OAuth client ID (required, or via environment)
- `--client-secret TEXT`: OAuth client secret (required, or via environment)
- `--redirect-url TEXT`: Default redirect URL for callbacks
- `--disabled`: Create provider in disabled state
- `--settings KEY=VALUE`: Custom settings (can be specified multiple times)
**Examples:**
```bash
# Basic Google configuration
python scripts/configure_oauth_provider.py create google \
--client-id "xxx.apps.googleusercontent.com" \
--client-secret "GOCSPX-xxx"
# With redirect URL
python scripts/configure_oauth_provider.py create google \
--client-id "xxx" \
--client-secret "yyy" \
--redirect-url "https://app.example.com/auth/callback"
# Create disabled initially
python scripts/configure_oauth_provider.py create github \
--client-id "xxx" \
--client-secret "yyy" \
--disabled
# With custom settings
python scripts/configure_oauth_provider.py create google \
--client-id "xxx" \
--client-secret "yyy" \
--settings "hosted_domain=example.com" \
--settings "prompt=consent"
```
#### `update` - Update Existing Provider
Update an existing OAuth provider configuration.
```bash
python scripts/configure_oauth_provider.py update PROVIDER [OPTIONS]
```
**Arguments:**
- `PROVIDER`: Provider type to update
**Options:**
- `--client-id TEXT`: New OAuth client ID
- `--client-secret TEXT`: New OAuth client secret
- `--redirect-url TEXT`: New default redirect URL
- `--enabled true|false`: Enable or disable the provider
- `--settings KEY=VALUE`: Custom settings to update
**Examples:**
```bash
# Update client credentials
python scripts/configure_oauth_provider.py update google \
--client-id "new-client-id" \
--client-secret "new-secret"
# Enable/disable provider
python scripts/configure_oauth_provider.py update google --enabled false
python scripts/configure_oauth_provider.py update google --enabled true
# Update redirect URL
python scripts/configure_oauth_provider.py update google \
--redirect-url "https://new-domain.com/auth/callback"
```
#### `list` - List All Providers
List all configured OAuth providers with their status.
```bash
python scripts/configure_oauth_provider.py list
```
**Example Output:**
```
Configured OAuth Providers
google - enabled
Client ID: 972920496362-xxx.apps.googleusercontent.com
Redirect URL: https://app.example.com/auth/callback
Created: 2026-01-20T13:00:00
Auth URL: https://accounts.google.com/o/oauth2/v2/auth
Scopes: openid, profile, email
github - disabled
Client ID: Iv1.xxx
Created: 2026-01-19T10:00:00
Auth URL: https://github.com/login/oauth/authorize
Scopes: read:user, user:email
```
#### `show` - Show Provider Details
Display detailed information about a specific OAuth provider.
```bash
python scripts/configure_oauth_provider.py show PROVIDER
```
**Arguments:**
- `PROVIDER`: Provider type to display
**Example:**
```bash
python scripts/configure_oauth_provider.py show google
```
**Example Output:**
```
Google OAuth Provider Details
Basic Information:
Provider Type: google
Provider ID: 123e4567-e89b-12d3-a456-426614174000
Client ID: 972920496362-xxx.apps.googleusercontent.com
Status: enabled
Default Redirect URL: https://app.example.com/auth/callback
Timestamps:
Created: 2026-01-20T13:00:00
Updated: 2026-01-20T14:30:00
OAuth Configuration:
Authorization URL: https://accounts.google.com/o/oauth2/v2/auth
Token URL: https://oauth2.googleapis.com/token
User Info URL: https://openidconnect.googleapis.com/v1/userinfo
JWKS URL: https://www.googleapis.com/oauth2/v3/certs
Scopes: openid, profile, email
```
#### `delete` - Delete Provider Configuration
Remove an OAuth provider configuration.
```bash
python scripts/configure_oauth_provider.py delete PROVIDER [OPTIONS]
```
**Arguments:**
- `PROVIDER`: Provider type to delete
**Options:**
- `--yes`, `-y`: Skip confirmation prompt
**Examples:**
```bash
# Delete with confirmation prompt
python scripts/configure_oauth_provider.py delete google
# Delete without confirmation
python scripts/configure_oauth_provider.py delete google --yes
```
### Environment Variables
The script supports loading OAuth credentials from environment variables, which is useful for automation and CI/CD pipelines.
**Supported Variables:**
- `{PROVIDER}_CLIENT_ID`: OAuth client ID
- `{PROVIDER}_CLIENT_SECRET`: OAuth client secret
- `{PROVIDER}_REDIRECT_URL`: Default redirect URL
**Example:**
```bash
# Export environment variables
export GOOGLE_CLIENT_ID="xxx.apps.googleusercontent.com"
export GOOGLE_CLIENT_SECRET="GOCSPX-xxx"
export GOOGLE_REDIRECT_URL="https://app.example.com/auth/callback"
# Create provider using environment variables
python scripts/configure_oauth_provider.py create google
# You can still override with command-line arguments
python scripts/configure_oauth_provider.py create google \
--redirect-url "https://different.com/callback"
```
### Supported Providers
The script comes with pre-configured endpoint information for:
- **Google** (`google`)
- Authorization: `https://accounts.google.com/o/oauth2/v2/auth`
- Token: `https://oauth2.googleapis.com/token`
- User Info: `https://openidconnect.googleapis.com/v1/userinfo`
- Default Scopes: `openid, profile, email`
- **GitHub** (`github`)
- Authorization: `https://github.com/login/oauth/authorize`
- Token: `https://github.com/login/oauth/access_token`
- User Info: `https://api.github.com/user`
- Default Scopes: `read:user, user:email`
- **Microsoft** (`microsoft`)
- Authorization: `https://login.microsoftonline.com/common/oauth2/v2.0/authorize`
- Token: `https://login.microsoftonline.com/common/oauth2/v2.0/token`
- User Info: `https://graph.microsoft.com/oidc/userinfo`
- Default Scopes: `openid, profile, email`
### Error Handling
The script provides clear error messages and appropriate exit codes:
- **Exit Code 0**: Success
- **Exit Code 1**: Error occurred
**Common Errors:**
1. **Provider Already Exists**
```
✗ Failed to create provider: Provider google already exists
Use 'update' command to modify existing provider configuration.
```
2. **Provider Not Found**
```
✗ Failed to update provider: Provider google not found
Use 'create' command to add a new provider configuration.
```
3. **Missing Credentials**
```
✗ Client ID is required. Provide via --client-id or GOOGLE_CLIENT_ID environment variable.
```
### Integration with Shell Scripts
The [`configure-google-auth.sh`](../../docs/configure-google-auth.sh:1) script demonstrates how to integrate the Python script into a shell script for easier deployment:
```bash
#!/bin/bash
# Set credentials
GOOGLE_CLIENT_ID="xxx"
GOOGLE_CLIENT_SECRET="yyy"
REDIRECT_URL="https://app.example.com/callback"
# Call Python script
cd gatehouse-api
python3 scripts/configure_oauth_provider.py create google \
--client-id "$GOOGLE_CLIENT_ID" \
--client-secret "$GOOGLE_CLIENT_SECRET" \
--redirect-url "$REDIRECT_URL"
```
### API Service Methods
The script uses the following [`ExternalAuthService`](../gatehouse_app/services/external_auth_service.py:1) methods:
- [`create_app_provider_config()`](../gatehouse_app/services/external_auth_service.py:308) - Create provider configuration
- [`update_app_provider_config()`](../gatehouse_app/services/external_auth_service.py:369) - Update provider configuration
- [`get_app_provider_config()`](../gatehouse_app/services/external_auth_service.py:427) - Get single provider
- [`list_app_provider_configs()`](../gatehouse_app/services/external_auth_service.py:454) - List all providers
- [`delete_app_provider_config()`](../gatehouse_app/services/external_auth_service.py:465) - Delete provider configuration
### Security Considerations
1. **Client Secret Storage**: Client secrets are encrypted using the application's encryption key before storage in the database
2. **Environment Variables**: Be cautious when using environment variables in shared environments
3. **Secret Exposure**: The `show` command never displays the client secret (it's always excluded)
4. **Confirmation Prompts**: The `delete` command requires confirmation unless `--yes` flag is used
### Troubleshooting
**Database Connection Issues:**
- Ensure PostgreSQL is running and accessible
- Check `.env` file for correct `DATABASE_URL`
- Verify virtual environment is activated
**Import Errors:**
- Activate the virtual environment: `source .venv/bin/activate`
- Install dependencies: `pip install -r requirements.txt`
**Permission Issues:**
- Ensure script is executable: `chmod +x scripts/configure_oauth_provider.py`
### Related Documentation
- [External Auth Architecture](../../docs/external-auth-architecture.md)
- [Application-Wide OAuth Design](../../docs/external-auth-application-wide-design.md)
- [OAuth API Changes](../../docs/oauth-api-changes.md)