Create GOOGLE_OAUTH_SETUP.md
GOOGLE_OAUTH_SETUP.md +79 -0
GOOGLE_OAUTH_SETUP.md
ADDED
|
@@ -0,0 +1,79 @@
| 1 |
+
# Google OAuth Setup Guide
|
| 2 |
+
|
| 3 |
+
This application uses Google OAuth for user authentication. Follow these steps to set it up:
|
| 4 |
+
|
| 5 |
+
## 1. Create Google OAuth Credentials
|
| 6 |
+
|
| 7 |
+
1. Go to the [Google Cloud Console](https://console.cloud.google.com/)
|
| 8 |
+
2. Create a new project or select an existing one
|
| 9 |
+
3. Enable the Google+ API
|
| 10 |
+
4. Go to "Credentials" → "Create Credentials" → "OAuth client ID"
|
| 11 |
+
5. Choose "Web application"
|
| 12 |
+
6. Add authorized redirect URIs:
|
| 13 |
+
- For development: `http://localhost:7860/api/auth/callback`
|
| 14 |
+
- For production: `https://your-domain.com/api/auth/callback`
|
| 15 |
+
7. Copy the Client ID and Client Secret
|
| 16 |
+
|
| 17 |
+
## 2. Set Environment Variables
|
| 18 |
+
|
| 19 |
+
Set the following environment variables:
|
| 20 |
+
|
| 21 |
+
```bash
|
| 22 |
+
# Google OAuth
|
| 23 |
+
GOOGLE_CLIENT_ID=your-client-id-here
|
| 24 |
+
GOOGLE_CLIENT_SECRET=your-client-secret-here
|
| 25 |
+
|
| 26 |
+
# JWT Secret (use a strong random string)
|
| 27 |
+
JWT_SECRET_KEY=your-secret-key-here
|
| 28 |
+
|
| 29 |
+
# Frontend URL (for OAuth redirect)
|
| 30 |
+
FRONTEND_URL=http://localhost:5173 # or your production URL
|
| 31 |
+
```
|
| 32 |
+
|
| 33 |
+
## 3. Database Migration
|
| 34 |
+
|
| 35 |
+
The database will automatically create the new `users` table and add `user_id` to the `extractions` table when you start the application.
|
| 36 |
+
|
| 37 |
+
**Note:** If you have an existing database with extraction records, you'll need to:
|
| 38 |
+
1. Back up your data
|
| 39 |
+
2. Delete the old database file
|
| 40 |
+
3. Restart the application to recreate tables with the new schema
|
| 41 |
+
|
| 42 |
+
Or manually migrate:
|
| 43 |
+
- Add `user_id` column to `extractions` table (you may need to set a default user_id for existing records)
|
| 44 |
+
|
| 45 |
+
## 4. Install Dependencies
|
| 46 |
+
|
| 47 |
+
Make sure to install the new Python dependencies:
|
| 48 |
+
|
| 49 |
+
```bash
|
| 50 |
+
pip install -r backend/requirements.txt
|
| 51 |
+
```
|
| 52 |
+
|
| 53 |
+
New dependencies added:
|
| 54 |
+
- `authlib` - OAuth library
|
| 55 |
+
- `pyjwt` - JWT token handling
|
| 56 |
+
- `python-jose[cryptography]` - JWT verification
|
| 57 |
+
|
| 58 |
+
## 5. Start the Application
|
| 59 |
+
|
| 60 |
+
1. Start the backend server
|
| 61 |
+
2. Start the frontend development server
|
| 62 |
+
3. Users will be prompted to sign in with Google when they try to access the application
|
| 63 |
+
|
| 64 |
+
## How It Works
|
| 65 |
+
|
| 66 |
+
1. User clicks "Sign in with Google" → redirected to Google login
|
| 67 |
+
2. After authentication, Google redirects to `/api/auth/callback`
|
| 68 |
+
3. Backend creates/updates user in database and generates JWT token
|
| 69 |
+
4. Frontend receives token and stores it in localStorage
|
| 70 |
+
5. All API requests include the JWT token in the Authorization header
|
| 71 |
+
6. Backend verifies token and filters data by user_id
|
| 72 |
+
|
| 73 |
+
## Security Notes
|
| 74 |
+
|
| 75 |
+
- JWT tokens expire after 7 days
|
| 76 |
+
- Tokens are stored in localStorage (consider httpOnly cookies for production)
|
| 77 |
+
- All extraction records are filtered by user_id
|
| 78 |
+
- Users can only see their own data and history
|
| 79 |
+
|
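Review bot: step 3 of section 1 (`3. Enable the Google+ API`) is wrong: the Google+ API was shut down in 2019 and is not needed for Google sign-in; the step an OAuth client ID actually requires is configuring the OAuth consent screen (app name, support email, and the `openid`, `email`, `profile` scopes the backend asks for), so replace that line accordingly. The comment `# JWT Secret (use a strong random string)` should say how to generate one, for example `openssl rand -base64 48`, and the guide should state that the application refuses to start with the placeholder `your-secret-key-here`, because a guessable signing secret lets anyone mint a token for any `user_id` and the `user_id` filter then protects nothing. The "How It Works" list never says how the `/api/auth/callback` handler validates the OAuth `state` parameter, nor how "4. Frontend receives token" happens: if the token is appended to the `FRONTEND_URL` redirect as a query string it lands in browser history and server logs, so document the transport (URL fragment, or a one-time code the frontend exchanges over XHR, is the usual choice) and state that `FRONTEND_URL` is a fixed configuration value and never taken from the incoming request. The manual-migration advice "set a default user_id for existing records" silently grants one account every pre-existing extraction; say which user that is and that they will see all legacy data, or suggest leaving `user_id` NULL and having the filter exclude those rows. Under "New dependencies added", `pyjwt` and `python-jose[cryptography]` both do JWT handling; keep one and pin its version in `backend/requirements.txt`. Lastly, the Security Notes pair a 7-day expiry with localStorage and no revocation or refresh story, so any XSS yields a token valid for a week; either shorten the lifetime or add server-side revocation rather than leaving httpOnly cookies as something to "consider" for production.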