From 4d4ffe8b34f1ca3f1c9a6b18e1726886f463861b Mon Sep 17 00:00:00 2001
From: the-darkvoid <darkvoid@gmail.com>
Date: Mon, 14 Nov 2022 11:41:45 +0000
Subject: [PATCH] Added Google & Google Workspace to OpenId examples (#1319)

Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1319
Co-authored-by: the-darkvoid <darkvoid@gmail.com>
Co-committed-by: the-darkvoid <darkvoid@gmail.com>
---
 docs/content/doc/setup/openid-examples.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/docs/content/doc/setup/openid-examples.md b/docs/content/doc/setup/openid-examples.md
index 0114046ca..088a8c3f7 100644
--- a/docs/content/doc/setup/openid-examples.md
+++ b/docs/content/doc/setup/openid-examples.md
@@ -43,3 +43,26 @@ scopes:
   - email
   - profile
 ```
+
+## Google / Google Workspace
+
+Vikunja Config:
+
+```yaml
+openid:
+    enabled: true
+    redirecturl: https://vikunja.mydomain.com/auth/openid/  <---- slash at the end is important
+    providers:
+      - name: Google
+        authurl: https://accounts.google.com
+        clientid: <google-oauth-client-id>
+        clientsecret: <google-oauth-client-secret>
+```
+
+Google config:
+
+  - Navigate to https://console.cloud.google.com/apis/credentials in the target project
+  - Create a new OAuth client ID
+  - Configure an authorized redirect URI of https://vikunja.mydomain.com/auth/openid/google
+
+Note that there currently seems to be no way to stop creation of new users, even when enableregistration is false in the configuration. This means that this approach works well only with an "Internal Organization" app for Google Workspace, which limits the allowed users to organizational accounts only. External / public applications will potentially allow every Google user to register.
\ No newline at end of file