Third-party Authentication Add-on for Google. Customer Guide.
####################################################################

The following configuration will allow the customers to configure the Google OAuth application to implement authentication with Google accounts on their LMS sites.

**Integration requisites**

- It is required to have your LMS site in a domain of your own.
- Enterprise or performance subscription with the add-on third-party authentication enabled.


Configuring the Google OAUTH Application
*****************************************

1. Log in to your Google account to access |developers_console_google_link|.

.. |developers_console_google_link| raw:: html

   <a href="https://console.developers.google.com/apis/" target="_blank">The developer's console</a>

2. Create a new API project for the integration with the LMS site.

   #. Select **New Project**.
   #. Enter your **Project Name**.
   #. Press **Create**.

.. only:: html

   .. figure:: ../_assets/third-party-integration-googleapp-newproject.gif

3. Enable the **Google +API** service.

.. only:: html

   .. figure:: ../_assets/third-party-integration-googleapp-enableAPIS.gif

4. Go to the |consentpage_console_google_link|.

   .. |consentpage_console_google_link| raw:: html

      <a href="https://console.cloud.google.com/apis/credentials/consent?authuser=1&project=my-project-lms-315116" target="_blank">OAuth consent screen</a> and configure your app according to the needs and requirements for your initiative

Configuring Your Project in the Google Console
***********************************************

1. On your project, create a set of authorization credentials. Go to |credentials_console_google_link|.

   .. |credentials_console_google_link| raw:: html

      <a href="https://console.developers.google.com/apis/credentials" target="_blank">The credentials page</a> and define

   - **Authorization type:** Web complication.

   - **Name:** The name of your OAuth 2.0 client. This name is only used to identify the client in the console and will not be shown to end-users.


.. only:: html

   .. figure:: ../_assets/third-party-integration-googleapp-credentials.gif

2. Set the Redirect Authorized JavaScript origins to https://YOURLMSDOMAIN (without trailing /).
3. Set the Authorized redirect URIs to https://YOURLMSDOMAIN/auth/complete/google-oauth2/.

.. only:: html

   .. figure:: ../_assets/third-party-integration-googleapp-redirecturls.gif


4. Provide eduNEXT with the credentials recently created.

   The *client ID* and *client secret* can be found at the top-right corner or can be downloaded in a JSON file.

.. only:: html

   .. figure:: ../_assets/third-party-integration-googleapp-json.gif


The credentials look like the example below.

.. code-block:: json

   {
      "web":{
         "client_id":"xxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com",
         "project_id":"your_project_id",
         "auth_uri":" https://accounts.google.com/o/oauth2/auth",
         "token_uri":" https://accounts.google.com/o/oauth2/token",
         "auth_provider_x509_cert_url":" https://www.googleapis.com/oauth2/v1/certs",
         "client_secret":"xxXXXxxxXXXXxxxXXXXxxxxX",
         "redirect_uris":[" https://YOURLMSDOMAIN/auth/complete/google-oauth2/"]
      }  
   }

   
Send this information to the eduNEXT customer support team via the `Edunext Control Center <https://manage.edunext.co/>`_ > **Customer Support** > **Submit a Ticket**