Twenty•6mo ago
John

Guide for implementing google SSO w/ Twenty

Hey All, looking at the docs it appears the auth_google_* environment variables are for implementing Google SSO. Has anyone found success with this using Google Workspace? In searching the GitHub, docs, Discord, etc... I cannot seem to find any documentation on this. Thanks in advance
14 Replies
charles•6mo ago
Hi @John, not sure what your question is 🙂 Twenty does support Google SSO 🙂
JohnOP•6mo ago
Understood, thanks for the reply — question came from the env var page (found here: https://twenty.com/developers/section/self-hosting/self-hosting-var) which to me reads as if it supports SSO login for users.
jellifish•5mo ago
I got it to work in the end by reading the messages in "Setting Up Gmail/Google Auth in Self Hosted Twenty (Docker Compose)" thread. There are one or two extra environmental variables, and it's also worth noting that gcloud can take some time to update the redirect URLs. I'm not sure if there is any actual documentation for what the redirect URLs are, or how I was supposed to know them without seeing that thread though.

Although I can log in, connecting email account doesn't work, I get a 404 on the redirect, so maybe I spoke too soon.

When I try to connect the gmail/calendar accounts I get a 404, when it tries to direct back to this URL:
https://my.server.org/auth/google/google-apis/get-access-token?state=%7B%22transientToken%22:%22xxxxx
charles•5mo ago
@jellifish we are doing a pretty bad job at documenting environment variables and setup. There is an ongoing effort to simplify it! It should be:
AUTH_GOOGLE_APIS_CALLBACK_URL=http://localhost:3000/auth/google-apis/get-access-token
Try removing the /google/ from your URL.
jellifish•5mo ago
Thanks, I have it working now 👍
charles•5mo ago
wonderful!
jellifish•5mo ago
Although...the email sync just continues saying "ongoing..." - should that end at some point?
charles•5mo ago
do you have your worker running? what do you see in the logs? what's the status of your messageChannel in db ?
jellifish•5mo ago
The worker is running, and the logs don't show any error, just this:-
[Nest] 34 - 06/21/2024, 11:51:36 AM LOG [MessagingGmailFullMessageListFetchService] Added 21661 messages ids from Gmail for messageChannel 84f12374-27f4-4120-bb76-fdac63643989 in workspace 1b26acf2-270c-44ae-8431-f4afd4fc56e2 and added to cache for import
But when I look at people and the emails tab, nothing is shown, and the "ongoing..." is still happening in the email settings. I guess I need to figure out how to import from the cache?
charles•5mo ago
what MESSAGE_QUEUE_TYPE do you have?
jellifish•5mo ago
I’m not sure I have defined it or changed it from whatever the default is…what should it be? This is a docker installation.
charles•5mo ago
can you connect to your container (ssh) and do: "env" and paste the result here (without any secret of course)
jellifish•5mo ago
OK this is in the server container (not the worker container) so pg-boss seems to be the queue type:-
AUTH_PASSWORD_ENABLED=false
ENABLE_DB_MIGRATIONS=true
NODE_VERSION=18.17.1
SENTRY_RELEASE=
HOSTNAME=d378367b6356
YARN_VERSION=1.22.19
REACT_APP_SERVER_BASE_URL=
SHLVL=1
PORT=3000
FRONT_BASE_URL=https://twenty.cloud.mydomain.org
HOME=/home/node
MESSAGING_PROVIDER_GMAIL_CALLBACK_URL=https://twenty.cloud.mydomain.org/auth/google-gmail/get-access-token
ACCESS_TOKEN_SECRET=xxxxxx
LOGIN_TOKEN_SECRET=xxxxxx
PG_DATABASE_URL=postgres://twenty:twenty@db:5432/default
CALENDAR_PROVIDER_GOOGLE_ENABLED=true
AUTH_GOOGLE_CLIENT_ID=28741xxx5607-gxxxxxxx.apps.googleusercontent.com
AUTH_GOOGLE_CLIENT_SECRET=Gxxxxxxx
AUTH_GOOGLE_ENABLED=true
STORAGE_TYPE=local
STORAGE_S3_NAME=
TERM=xterm
FRONT_AUTH_CALLBACK_URL=https://twenty.cloud.mydomain.org/auth/google-apis
FILE_TOKEN_SECRET=xxxxxxx
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
REFRESH_TOKEN_SECRET=xxxxxxx
SIGN_IN_PREFILLED=false
STORAGE_S3_REGION=
STORAGE_S3_ENDPOINT=
AUTH_GOOGLE_CALLBACK_URL=https://twenty.cloud.mydomain.org/auth/google/redirect
SERVER_URL=https://twenty.cloud.mydomain.org
MESSAGING_PROVIDER_GMAIL_ENABLED=true
PWD=/app/packages/twenty-server
AUTH_GOOGLE_APIS_CALLBACK_URL=https://twenty.cloud.mydomain.org/auth/google-apis/get-access-token
MESSAGE_QUEUE_TYPE=pg-boss
Appreciate the help so far, so is there something I need to "kick" to get the cache imported?

I fired up a Redis container and used that instead. It seems to work better. Maybe that should be the default way to do it in the example docker-compose.yml file?
charles•5mo ago
great! pg-boss should be working too and that's what I'm using locally. pg-boss is great because it does not require any extra knowledge on how to set up Redis, so we will keep it as the out-of-the-box setting. But we recommend using Redis for production environments (it's what we have for Twenty cloud)
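
Added example, not part of the thread and not Twenty project code: a shell check that each Google callback variable equals SERVER_URL plus the path quoted in the replies above, which catches the extra /google/ segment behind the 404. The env-file layout, the function names and the sample host twenty.example.org are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not Twenty project code). Expected paths are the ones quoted
# in this thread; the sample env content below is constructed.

# Print the value assigned to variable $2 in env file $1 (last one wins).
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one line per callback variable that does not equal SERVER_URL plus
# the expected path. Returns 1 if anything mismatched, 0 otherwise.
check_callbacks() {
    file=$1
    base=$(env_get "$file" SERVER_URL)
    base=${base%/}                      # tolerate a trailing slash
    status=0
    while read -r var path; do
        actual=$(env_get "$file" "$var")
        [ -z "$actual" ] && continue    # unset: that integration is not configured
        if [ "$actual" != "$base$path" ]; then
            echo "MISMATCH $var: got $actual, expected $base$path"
            status=1
        fi
    done <<EOF
AUTH_GOOGLE_CALLBACK_URL /auth/google/redirect
AUTH_GOOGLE_APIS_CALLBACK_URL /auth/google-apis/get-access-token
MESSAGING_PROVIDER_GMAIL_CALLBACK_URL /auth/google-gmail/get-access-token
EOF
    return $status
}

# Constructed sample reproducing the extra /google/ segment that caused the 404.
sample=$(mktemp)
cat >"$sample" <<EOF
SERVER_URL=https://twenty.example.org
AUTH_GOOGLE_CALLBACK_URL=https://twenty.example.org/auth/google/redirect
AUTH_GOOGLE_APIS_CALLBACK_URL=https://twenty.example.org/auth/google/google-apis/get-access-token
EOF
check_callbacks "$sample" || echo "fix the variables listed above"
rm -f "$sample"
```

The same full URLs also have to be registered as authorized redirect URIs on the Google OAuth client, which this script does not check.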