Google Cloud Console provider
How to set up and authenticate using Google Cloud Console.
Prerequisites
- You must have a Google account.
Set up a Google project
- Visit the Google Cloud Console and create a new Project. For this example, the project is named Doligence.
- View the OAuth 2.0 Client ID section and click on your app to get the Client ID as audience.
- Finally, you have Google OIDC config:
- issuer – "https://accounts.google.com"
- audience – "{Client ID}"
Update Google provider OIDC config to Optimizely Graph
Send a PUT
request to OIDC config URL: https://cg.optimizely.com/api/config/oidc
with epi-hmac or basic authorization header:
curl -XPUT \
-H 'Authorization: Basic {appKey}:{secret}' \
-d '{
"issuer": "https://accounts.google.com",
"audience": "{Client ID}",
}' https://cg.optimizely.com/api/config/oidc
Authenticate with Google Provider
After you authenticate, your JWT
payload should have issuer
and audience
claims:
{
"iss": "https://accounts.google.com",
"azp": "427566697749-3knhnkfnk8v2j8t60shg8nolg0trqku2.apps.googleusercontent.com",
"aud": "427566697749-3knhnkfnk8v2j8t60shg8nolg0trqku2.apps.googleusercontent.com",
"sub": "109839210343031985739",
"email": "[email protected]",
"email_verified": true,
"at_hash": "lyY-RI72YgsRHIuMDc6CGw",
"name": "Quang Tran",
"picture": "https://lh3.googleusercontent.com/a/ACg8ocLaTr3pV1TSLcBQZrjtmSvn2TDRYtLKKAhX7DUN_dQo=s96-c",
"given_name": "Manh Quang",
"family_name": "Tran",
"locale": "en",
"iat": 1696840635,
"exp": 1696844235
}
// this is id_token payload: eyJhbGciOiJSUzI1NiIsImtpZCI6ImM2MjYzZDA5NzQ1YjUwMzJlNTdmYTZlMWQwNDFiNzdhNTQwNjZkYmQiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiI0Mjc1NjY2OTc3NDktM2tuaG5rZm5rOHYyajh0NjBzaGc4bm9sZzB0cnFrdTIuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiI0Mjc1NjY2OTc3NDktM2tuaG5rZm5rOHYyajh0NjBzaGc4bm9sZzB0cnFrdTIuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDk4MzkyMTAzNDMwMzE5ODU3MzkiLCJlbWFpbCI6Im1hbmhxdWFuZy5mcHRAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJseVktUkk3Mllnc1JISXVNRGM2Q0d3IiwibmFtZSI6Ik1hbmggUXVhbmcgVHJhbiIsInBpY3R1cmUiOiJodHRwczovL2xoMy5nb29nbGV1c2VyY29udGVudC5jb20vYS9BQ2c4b2NMYVRyM3BWMVRTTGNCUVpyanRtU3ZuMlREUll0TEtLQWhYN0RVTl9kUW89czk2LWMiLCJnaXZlbl9uYW1lIjoiTWFuaCBRdWFuZyIsImZhbWlseV9uYW1lIjoiVHJhbiIsImxvY2FsZSI6ImVuIiwiaWF0IjoxNjk2ODQwNjM1LCJleHAiOjE2OTY4NDQyMzV9.zQFSSLm3XKPs1kC3_7IgIfdJlxYAglQlLn-9Zs1NL2r5uQsMne2sxjSEN3u6Ia063Rrs5R3fpUcTo-SdoRnkn0lYN3V4WVxTa4AVq4_JE9SrFODof6L6XQ44QjmHJzdACjXvH-w46HBtfwuXA53yOPZLlANm4-JZtngikZdUKo7gUKvX1IHGZB3hjue-h8svwAI2W0bomLvuoVgPyurZUV1UD4aMXxOeMwpPAKJtnpS6YCwd6nngcdlU_tBYjusviGpHbXBLGsivx8-ykRb62ZgaY4RZ9uvQ51OscnW1z6gS-ULAuoZq4rsNRXxKr1h7F6LXDXBMAptqM5qqcp8tEA
// the token must contain iss and aud value
Authorize with Optimizely Graph
Send your GQL query to the query endpoint with your previously received JWT token payload:
curl --location 'https://cg.optimizely.com/content/v2?tenant_id=f26abab66d914405b839f6daa69d6c28' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6ImM2MjYzZDA5NzQ1YjUwMzJlNTdmYTZlMWQwNDFiNzdhNTQwNjZkYmQiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiI0Mjc1NjY2OTc3NDktM2tuaG5rZm5rOHYyajh0NjBzaGc4bm9sZzB0cnFrdTIuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiI0Mjc1NjY2OTc3NDktM2tuaG5rZm5rOHYyajh0NjBzaGc4bm9sZzB0cnFrdTIuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDk4MzkyMTAzNDMwMzE5ODU3MzkiLCJlbWFpbCI6Im1hbmhxdWFuZy5mcHRAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJseVktUkk3Mllnc1JISXVNRGM2Q0d3IiwibmFtZSI6Ik1hbmggUXVhbmcgVHJhbiIsInBpY3R1cmUiOiJodHRwczovL2xoMy5nb29nbGV1c2VyY29udGVudC5jb20vYS9BQ2c4b2NMYVRyM3BWMVRTTGNCUVpyanRtU3ZuMlREUll0TEtLQWhYN0RVTl9kUW89czk2LWMiLCJnaXZlbl9uYW1lIjoiTWFuaCBRdWFuZyIsImZhbWlseV9uYW1lIjoiVHJhbiIsImxvY2FsZSI6ImVuIiwiaWF0IjoxNjk2ODQwNjM1LCJleHAiOjE2OTY4NDQyMzV9.zQFSSLm3XKPs1kC3_7IgIfdJlxYAglQlLn-9Zs1NL2r5uQsMne2sxjSEN3u6Ia063Rrs5R3fpUcTo-SdoRnkn0lYN3V4WVxTa4AVq4_JE9SrFODof6L6XQ44QjmHJzdACjXvH-w46HBtfwuXA53yOPZLlANm4-JZtngikZdUKo7gUKvX1IHGZB3hjue-h8svwAI2W0bomLvuoVgPyurZUV1UD4aMXxOeMwpPAKJtnpS6YCwd6nngcdlU_tBYjusviGpHbXBLGsivx8-ykRb62ZgaY4RZ9uvQ51OscnW1z6gS-ULAuoZq4rsNRXxKr1h7F6LXDXBMAptqM5qqcp8tEA' \
--header 'Content-Type: application/json' \
--data '{"query":"{\n Content {\n items {\n Name\n }\n }\n}","variables":{}}'
Updated 9 months ago