OAuth Provider Setup
Overview
The SettleMint Platform requires OAuth authentication for:
- User authentication
- Access control
- Single sign-on capabilities
- Identity management
Provider Options
- Google OAuth
- Azure AD
- Custom OIDC
Google OAuth Setup
-
Access Google Cloud Console
- Go to Google Cloud Console
- Select or create a project
-
Create OAuth Client
- Click
+ CREATE CREDENTIALS
- Select
OAuth client ID
- Choose
Web application
type
- Click
-
Configure OAuth Client
- Add Authorized JavaScript origins:
https://your-domain.com
- Add Authorized redirect URIs:
https://your-domain.com/api/auth/callback/google
- Add Authorized JavaScript origins:
tip
Make sure to replace your-domain.com
with your actual platform domain.
Azure Active Directory Setup
-
Access Azure Portal
- Go to Azure Active Directory
- Register a new application
-
Configure Application
- Add redirect URIs
- Set up platform configurations
- Configure authentication settings
-
Set Required Permissions
- OpenID Connect permissions
- User.Read permissions
- Additional scopes as needed
Custom OIDC Provider
For enterprise setups, you can use any OpenID Connect compliant provider:
- Okta
- Auth0
- Keycloak
- Other OIDC-compliant providers
Required provider capabilities:
- OpenID Connect support
- OAuth 2.0 compliance
- User profile information
- Email verification
JWT Configuration
Generate a secure signing key for JWT tokens:
openssl rand -base64 32
caution
Store this key securely - it's used to sign user sessions.
Information Collection
Required Values for Platform Installation
- OAuth Client ID
- OAuth Client Secret
- JWT signing key
- Configured redirect URI
Example Configuration
auth:
jwtSigningKey: "your-generated-key" # From openssl command
providers:
google:
enabled: true
clientID: "your-client-id" # From OAuth provider
clientSecret: "your-secret" # From OAuth provider
Validation
Before proceeding, verify:
- OAuth client is properly configured
- Redirect URIs match your domain
- JWT signing key is generated and saved
- Required scopes are enabled
Troubleshooting
Common issues and solutions:
-
Invalid Redirect URI
- Verify exact URI match
- Check for protocol (https) mismatch
- Confirm domain spelling
-
Authentication Failures
- Verify client credentials
- Check scope configurations
- Validate JWT signing key
Next Steps
- ✅ Configure OAuth provider
- ✅ Generate JWT signing key
- ➡️ Proceed to PostgreSQL Setup
Need Help?
Contact [email protected] if you encounter any issues.