diff --git a/oauth2/google.go b/oauth2/google.go
index 447c8c935..fb082ace6 100644
--- a/oauth2/google.go
+++ b/oauth2/google.go
@@ -21,6 +21,7 @@ var _ Provider = &Google{}
 type Google struct {
 ClientID string
 ClientSecret string
+ RedirectURL string
 Domains []string // Optional google email domain checking
 Logger chronograf.Logger
 }
@@ -56,7 +57,7 @@ func (g *Google) Config() *oauth2.Config {
 ClientSecret: g.Secret(),
 Scopes: g.Scopes(),
 Endpoint: GoogleEndpoint,
- RedirectURL: "http://localhost:8888/oauth/google/callback", // TODO: we are required to have a redirect_uri from google
+ RedirectURL: g.RedirectURL,
 }
 }
diff --git a/server/mux.go b/server/mux.go
index a703e8d98..6a073109e 100644
--- a/server/mux.go
+++ b/server/mux.go
@@ -22,6 +22,7 @@ const (
 type MuxOpts struct {
 Logger chronograf.Logger
 Develop bool // Develop loads assets from filesystem instead of bindata
+ Basepath string // URL path prefix under which all chronograf routes will be mounted
 UseAuth bool // UseAuth turns on Github OAuth and JWT
 TokenSecret string // TokenSecret is the JWT secret
 GithubClientID string // GithubClientID is the GH OAuth id
@@ -29,7 +30,8 @@ type MuxOpts struct {
 GithubOrgs []string // GithubOrgs is the list of organizations a user may be a member of
 GoogleClientID string // GoogleClientID is the Google OAuth id
 GoogleClientSecret string // GoogleClientSecret is the Google OAuth secret
- GoogleDomains []string // GoogleOrgs is the list of domains a user may be a member of
+ GoogleDomains []string // GoogleDomains is the list of domains a user may be a member of
+ PublicURL string // PublicURL is the public facing URL for the server
 }
 // NewMux attaches all the route handlers; handler returned servers chronograf.
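Review bot: The new `RedirectURL` field of `Google` in oauth2/google.go (first hunk) has no comment, although `Config()` in the second hunk now hands it to the OAuth config verbatim and the old hard-coded value carried a note that Google requires a redirect_uri. I would document the requirement on the field, for example `RedirectURL string // Callback URL sent to Google; must equal a redirect URI registered for the client`. `Config()` begins above the second hunk, so whether an empty value is rejected elsewhere is not visible here.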
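Review bot: `Basepath` is added to `MuxOpts` in server/mux.go (hunk at -22,6) and used to build the Google redirect URL, but none of the visible hunks assigns it: the part of the `MuxOpts` literal shown in `Serve()` gains only `PublicURL`. If it is not set in code outside this diff, the prefix is always empty and the field comment describes mounting that does not happen. Either populate it in `Serve()` in the same commit or leave it out of the redirect URL until the routes really are mounted under the prefix.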
@@ -148,10 +150,12 @@ func AuthAPI(opts MuxOpts, router *httprouter.Router) http.Handler {
 router.Handler("GET", "/oauth/github/logout", ghMux.Logout())
 router.Handler("GET", "/oauth/github/callback", ghMux.Callback())
+ redirectURL := opts.PublicURL + opts.Basepath + "/oauth/google/callback"
 google := oauth2.Google{
 ClientID: opts.GoogleClientID,
 ClientSecret: opts.GoogleClientSecret,
 Domains: opts.GoogleDomains,
+ RedirectURL: redirectURL,
 Logger: opts.Logger,
 }
diff --git a/server/server.go b/server/server.go
index 8a9058831..87cd4901c 100644
--- a/server/server.go
+++ b/server/server.go
@@ -50,6 +50,7 @@ type Server struct {
 GoogleClientID string `long:"google-client-id" description:"Google Client ID for OAuth 2 support" env:"GOOGLE_CLIENT_ID"`
 GoogleClientSecret string `long:"google-client-secret" description:"Google Client Secret for OAuth 2 support" env:"GOGGLE_CLIENT_SECRET"`
 GoogleDomains []string `long:"google-domains" description:"Google email domain user is required to have active membership" env:"GOOGLE_DOMAINS" env-delim:","`
+ PublicURL string `long:"public-url" description:"Full public URL used to access Chronograf from a web browser. Used for Google OAuth2 authentication. (http://localhost:8888)" env:"PUBLIC_URL"`
 ReportingDisabled bool `short:"r" long:"reporting-disabled" description:"Disable reporting of usage stats (os,arch,version,cluster_id,uptime) once every 24hr" env:"REPORTING_DISABLED"`
 LogLevel string `short:"l" long:"log-level" value-name:"choice" choice:"debug" choice:"info" choice:"warn" choice:"error" choice:"fatal" choice:"panic" default:"info" description:"Set the logging level" env:"LOG_LEVEL"`
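Review bot: In `AuthAPI` (server/mux.go), `redirectURL` is plain string concatenation, so a `PublicURL` ending in `/` or a `Basepath` without a leading `/` produces a callback URL that no longer matches the redirect URI registered with Google. Normalising first, e.g. `base := strings.TrimSuffix(opts.PublicURL, "/")`, removes the most likely mismatch. The GitHub routes in the context lines are registered without `Basepath`, and the Google route registration is outside this hunk. It is worth confirming that the path the router serves and the path sent to Google stay identical once a base path is set.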
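Review bot: The help text for `--public-url` in server/server.go ends with `(http://localhost:8888)`, which reads as a default although the tag has no `default:` entry. It also gives an `http` example for a value that becomes the OAuth callback. I would reword it along the lines of `Required for Google OAuth2 authentication (e.g. https://chronograf.example.com)`, so operators see that the flag is mandatory for Google login and that a non-local deployment should use https, since the authorization code is delivered to this URL. Separately, the context line above spells the secret's env name `GOGGLE_CLIENT_SECRET`; that predates this change but decides whether the secret can be supplied through the environment.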
@@ -68,7 +69,7 @@ type BuildInfo struct {
 func (s *Server) useAuth() bool {
 gh := s.TokenSecret != "" && s.GithubClientID != "" && s.GithubClientSecret != ""
- google := s.TokenSecret != "" && s.GoogleClientID != "" && s.GoogleClientSecret != ""
+ google := s.TokenSecret != "" && s.GoogleClientID != "" && s.GoogleClientSecret != "" && s.PublicURL != ""
 return gh || google
 }
@@ -86,6 +87,7 @@ func (s *Server) Serve() error {
 GoogleClientID: s.GoogleClientID,
 GoogleClientSecret: s.GoogleClientSecret,
 GoogleDomains: s.GoogleDomains,
+ PublicURL: s.PublicURL,
 Logger: logger,
 UseAuth: s.useAuth(),
 }, service)
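Review bot: With the added `s.PublicURL != ""` term in `useAuth()`, a deployment that already sets the token secret, Google client ID and Google client secret but not the new `--public-url` makes `google` false. If GitHub is not configured either, the function returns false without any message. That result is passed as `UseAuth` in `Serve()`, so such an upgrade would presumably bring the server up with authentication switched off instead of failing. I would treat "Google credentials set, PublicURL empty" as a startup error in `Serve()`, or at least log it at error level, rather than folding it silently into this boolean.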
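Review bot: `s.PublicURL` is copied into `MuxOpts` in `Serve()` exactly as the operator typed it, and in this commit it becomes the base of the OAuth redirect URI with no check in the visible hunks. A value without a scheme or host would only surface later as a failed Google login. I would parse it once before the `MuxOpts` literal and return an error for anything that is not an absolute http or https URL. `Serve()` starts above this hunk, and the sketch below needs `net/url` and `fmt` among the file's imports.

```go
// … unchanged: start of Serve() …
if s.PublicURL != "" {
	u, err := url.Parse(s.PublicURL)
	if err != nil {
		return fmt.Errorf("parsing public-url %q: %v", s.PublicURL, err)
	}
	if u.Host == "" || (u.Scheme != "http" && u.Scheme != "https") {
		return fmt.Errorf("public-url %q must be an absolute http or https URL", s.PublicURL)
	}
}
// … unchanged: MuxOpts literal, including PublicURL: s.PublicURL …
```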