This guide will walk you through the process of enabling Google OAuth authentication for your MFE Orchestrator instance.
Prerequisites
- A Google Cloud Platform (GCP) account
- A project in the Google Cloud Console
- Docker environment for MFE Orchestrator
Step 1: Create a New OAuth 2.0 Client ID
- Go to the Google Cloud Console
- Select or create a project
- Navigate to APIs & Services > Credentials
- Click Create Credentials > OAuth client ID
- Set the Application type to Web application
- Add the following Authorized redirect URIs:
http://localhost:3000/api/auth/callback/google
- Click Create
- Note down the Client ID and Client Secret
Step 2: Configure OAuth Consent Screen
- In the Google Cloud Console, go to APIs & Services > OAuth consent screen
- Select External user type and click Create
- Fill in the required app information:
  - App name: "MFE Orchestrator"
  - User support email: Your email
  - Developer contact information: Your email
- Click Save and Continue
- In the Scopes section, add the following scopes:
.../auth/userinfo.email
.../auth/userinfo.profile
- Click Save and Continue
- Add test users (optional) and complete the setup
Step 3: Configure Environment Variables
Add the following environment variables to your Docker container configuration:
Variable Name | Description | Example Value |
---|---|---|
GOOGLE_CLIENT_ID | Client ID from Google Cloud Console | 1234567890-abcdefghijklmnopqrstuvwxyz123456.apps.googleusercontent.com |
GOOGLE_REDIRECT_URI | Redirect URI for authentication | http://localhost:3000/api/auth/callback/google |
GOOGLE_AUTH_SCOPE | Required scopes (space-separated) | https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile |
GOOGLE_AUTH_HOSTED_DOMAIN | (Optional) Restrict to specific domain | yourdomain.com |
GOOGLE_API_AUDIENCE | (Optional) API audience for additional APIs | https://www.googleapis.com/auth/... |
Step 4: Update Docker Configuration
If you are using Docker Compose, add these variables to your docker-compose.yml file:
services:
  microfrontend-orchestrator-hub:
    environment:
      - GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID}
      - GOOGLE_REDIRECT_URI=${GOOGLE_REDIRECT_URI}
      - GOOGLE_AUTH_SCOPE=${GOOGLE_AUTH_SCOPE}
      - GOOGLE_AUTH_HOSTED_DOMAIN=${GOOGLE_AUTH_HOSTED_DOMAIN}
      - GOOGLE_API_AUDIENCE=${GOOGLE_API_AUDIENCE}
Step 5: Restart Your Application
After updating the configuration, restart your Docker containers:
docker-compose down
docker-compose up -d
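A pre-flight check for the Step 3 variables, to run in the shell before restarting the containers. This is an added example, not part of MFE Orchestrator; the function name check_google_oauth_env is hypothetical, and it assumes the callback path is always the /api/auth/callback/google shown in this guide.

```shell
#!/bin/sh
# Added example, not MFE Orchestrator code: validates the Step 3 variables.
# Prints one line per problem; returns 0 only when nothing was flagged.
check_google_oauth_env() (
  set -f                        # no globbing while splitting the scope list
  problems=0
  flag() { echo "$1"; problems=$((problems + 1)); }

  # Google-issued web client IDs end in .apps.googleusercontent.com.
  case "${GOOGLE_CLIENT_ID:-}" in
    ?*.apps.googleusercontent.com) ;;
    *) flag "GOOGLE_CLIENT_ID: empty or not a Google OAuth client ID" ;;
  esac

  uri="${GOOGLE_REDIRECT_URI:-}"
  # Google compares redirect URIs exactly, so a trailing slash or query
  # string produces 400 redirect_uri_mismatch.
  # Assumption: the callback path is the one shown in this guide.
  case "$uri" in
    *://?*/api/auth/callback/google) ;;
    *) flag "GOOGLE_REDIRECT_URI: must end in /api/auth/callback/google" ;;
  esac
  # Google accepts plain http redirect URIs only for localhost.
  case "$uri" in
    https://*|http://localhost:*|http://localhost/*) ;;
    *) flag "GOOGLE_REDIRECT_URI: use https for any host other than localhost" ;;
  esac

  # Scopes are space-separated: full scope URLs or OpenID Connect short names.
  [ -n "${GOOGLE_AUTH_SCOPE:-}" ] || flag "GOOGLE_AUTH_SCOPE: empty"
  for s in ${GOOGLE_AUTH_SCOPE:-}; do
    case "$s" in
      https://www.googleapis.com/auth/?*|openid|email|profile) ;;
      *) flag "GOOGLE_AUTH_SCOPE: unexpected scope '$s'" ;;
    esac
  done

  # Optional domain restriction: a bare domain with no scheme, "@" or path.
  hd="${GOOGLE_AUTH_HOSTED_DOMAIN:-}"
  case "$hd" in
    "") ;;                                       # unset: no restriction
    *[!A-Za-z0-9.-]*|.*|*.|*..*) flag "GOOGLE_AUTH_HOSTED_DOMAIN: not a bare domain" ;;
    *.*) ;;
    *) flag "GOOGLE_AUTH_HOSTED_DOMAIN: not a bare domain" ;;
  esac

  [ "$problems" -eq 0 ]
)
```

A well-formed GOOGLE_AUTH_HOSTED_DOMAIN says nothing about enforcement: if the value is sent to Google as the `hd` request parameter (an assumption about MFE Orchestrator), that parameter only narrows the account chooser, so the restriction holds only when the server also checks the `hd` claim in the returned ID token.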
Troubleshooting
- 400: redirect_uri_mismatch: Ensure the redirect URI in your Google Cloud Console matches exactly with what's in your configuration
- 403: access_denied: Verify that the Google OAuth consent screen is properly configured and published
- Invalid client secret: Ensure the client secret is correct and hasn't expired
- Check Docker logs for any authentication-related errors