peterwood/docs
1
0
Fork 0
mirror of https://github.com/acedanger/docs.git synced 2025-12-05 14:40:13 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
c6eb26037b85b89b0aebaf49f8b53e2b4368a9d3
docs/guides/setup/sso.mdx
Peter Wood c6eb26037b feat: Add CI/CD setup guide with Gitea Actions for trading analysis application 
feat: Implement multi-user support with separate brokerage accounts and user authentication

feat: Configure SSO authentication setup using Google OAuth 2.0 for secure access

refactor: Update index page to reflect new Trading Analysis Dashboard features and descriptions

docs: Enhance quickstart guide for deploying Trading Analysis Dashboard with detailed steps

chore: Add runner configuration for Gitea Actions with logging and container settings
2025-11-14 12:43:09 -05:00

235 lines
6.1 KiB
Plaintext
Raw Blame History

---
title: 'SSO Authentication Setup'
description: 'Configure Google OAuth 2.0 authentication for your Trading Analysis Dashboard'
---
## Overview
This guide will help you configure Google OAuth 2.0 authentication for secure access to your Trading Analysis Dashboard.
## Step 1: Create Google OAuth Application
<Steps>
<Step title="Access Google Cloud Console">
Visit [Google Cloud Console](https://console.cloud.google.com/) and sign in with your Google account
</Step>
<Step title="Create a New Project">
- Click "Select a project" → "New Project"
- Name: "Trading Dashboard"
- Click "Create"
</Step>
<Step title="Enable Google+ API">
- Go to "APIs & Services" → "Library"
- Search for "Google+ API" and enable it
- Also enable "Google Identity" if available
</Step>
<Step title="Create OAuth 2.0 Credentials">
- Go to "APIs & Services" → "Credentials"
- Click "Create Credentials" → "OAuth 2.0 Client IDs"
- Choose "Web application"
- Name: "Trading Dashboard Auth"
</Step>
<Step title="Configure Authorized URLs">
Add the following URLs:
**Authorized JavaScript origins:**
- `https://performance.miningwood.com`
- `http://localhost:8080` (for testing)
**Authorized redirect URIs:**
- `https://performance.miningwood.com/auth/callback`
- `http://localhost:8080/auth/callback` (for testing)
</Step>
<Step title="Copy Credentials">
Copy the "Client ID" and "Client Secret" for the next step
</Step>
</Steps>
## Step 2: Configure Environment Variables
Update your `.env.docker` file with the OAuth credentials:
```bash .env.docker
# OAuth Configuration
GOOGLE_CLIENT_ID=your-actual-client-id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-actual-client-secret
# Authorized Users (your email addresses)
AUTHORIZED_USERS=your-email@gmail.com,admin@company.com
```
<Warning>
Never commit your `.env` files to version control. Keep them secure and out of your repository.
</Warning>
## Step 3: Update and Deploy
### Rebuild the application
```bash
docker compose build trading_app
docker compose restart trading_app
```
### Test the authentication
<Steps>
<Step title="Visit your application">
Navigate to `https://performance.miningwood.com`
</Step>
<Step title="Login">
You should be redirected to the login page. Click "Sign in with Google"
</Step>
<Step title="Authorize">
Authorize the application when prompted by Google
</Step>
<Step title="Access granted">
You should be redirected back and logged in successfully
</Step>
</Steps>
## Security Features
<CardGroup cols={2}>
<Card title="OAuth 2.0 with Google" icon="shield-check">
Industry standard authentication protocol
</Card>
<Card title="User Authorization" icon="users">
Only specific email addresses can access
</Card>
<Card title="Session Management" icon="clock">
Secure server-side sessions with expiration
</Card>
<Card title="HTTPS Enforcement" icon="lock">
All authentication over encrypted connections
</Card>
</CardGroup>
## User Management
### Add Users
Add email addresses to `AUTHORIZED_USERS` in `.env.docker`, separated by commas:
```bash
AUTHORIZED_USERS=user1@example.com,user2@example.com,user3@example.com
```
Then restart the application:
```bash
docker compose restart trading_app
```
### Remove Users
Remove email addresses from `AUTHORIZED_USERS` and restart the application.
<Note>
Leave `AUTHORIZED_USERS` empty to allow all users (not recommended for production)
</Note>
## Troubleshooting
<AccordionGroup>
<Accordion title="Authentication failed">
- Check that Client ID and Secret are correct in `.env.docker`
- Verify redirect URLs match exactly in Google Cloud Console
- Ensure Google+ API is enabled
- Check application logs: `docker compose logs trading_app`
</Accordion>
<Accordion title="Access denied">
- Verify your email is in `AUTHORIZED_USERS`
- Ensure email case matches exactly
- Check for extra spaces in the email list
</Accordion>
<Accordion title="Login loop">
- Clear browser cookies for your domain
- Verify Flask secret key is set in `.env.docker`
- Check session configuration in application logs
</Accordion>
<Accordion title="Callback URL mismatch">
Ensure the redirect URIs in Google Cloud Console match your deployment:
- Use `https://` for production
- Include the exact domain and path
- No trailing slashes
</Accordion>
</AccordionGroup>
## Alternative OAuth Providers
You can also configure other OAuth providers:
<Tabs>
<Tab title="GitHub OAuth">
```bash .env.docker
GITHUB_CLIENT_ID=your-github-client-id
GITHUB_CLIENT_SECRET=your-github-client-secret
```
1. Create OAuth App at https://github.com/settings/developers
2. Set Authorization callback URL to `https://your-domain.com/auth/callback`
</Tab>
<Tab title="Microsoft OAuth">
```bash .env.docker
MICROSOFT_CLIENT_ID=your-microsoft-client-id
MICROSOFT_CLIENT_SECRET=your-microsoft-client-secret
```
1. Register app at https://portal.azure.com
2. Add redirect URI in Authentication settings
</Tab>
</Tabs>
<Info>
Contact your administrator if you need help configuring alternative providers.
</Info>
## Testing OAuth Configuration
To test your OAuth setup locally:
```bash
# Start the application locally
docker compose up -d
# Check logs for any OAuth errors
docker compose logs -f trading_app
# Visit localhost
open http://localhost:8080
```
## Security Checklist
- [ ] OAuth credentials are stored in `.env` files, not in code
- [ ] `.env` files are in `.gitignore`
- [ ] `AUTHORIZED_USERS` list is properly configured
- [ ] HTTPS is enabled in production
- [ ] Strong `FLASK_SECRET_KEY` is set
- [ ] Redirect URIs are exact matches in Google Cloud Console
- [ ] Google+ API is enabled
## Next Steps
<CardGroup cols={2}>
<Card title="Multi-User Setup" icon="users" href="/guides/setup/multi-user">
Configure multi-user support with brokerage accounts
</Card>
<Card title="Deployment" icon="rocket" href="/guides/deployment/docker">
Deploy your application to production
</Card>
</CardGroup>
Reference in New Issue View Git Blame Copy Permalink