Setting up the Google Cloud App
Create a google project: https://console.cloud.google.com/projectcreate
Enabling the People API
Enable the Google People API here: https://console.cloud.google.com/apis/library/people.googleapis.com
Be sure to have the right project selected.
Setting up the OAuth Consent Screen
Go to APIs & Services on the left hand tab (see image below).
Then select OAuth Consent screen page.
Under OAuth Consent screen select either Internal or External
- Companies with a Google Workspace should choose
- Otherwise choose
On the next page:
- Provide an app name (can go with
- Provide any email you own (or firstname.lastname@example.org if you want us to handle questions from your Danswer users)
- Upload the Danswer logo (or leave blank)
- The Developer contact information can be any email you own (or again, email@example.com)
Leave the optional fields blank
Click SAVE AND CONTINUE
Leave the next two pages for Scopes and Test users blank.
Setting up Credentials
Still under APIs & Services, go to Credentials on the left hand bar
Click on +CREATE CREDENTIALS and choose
OAuth client ID
Web application then call it
http://localhost:3000for local or replace with
https://www.danswer.ai) if setting up for prod.
Authorized redirect URIs as:
http://localhost:3000/auth/oauth/callbackfor local setup or
https://<WEB_DOMAIN>/auth/oauth/callbackif setting up for prod.
Click CREATE and save the Client ID and Client Secret for use in the next section
Turning on OAuth in Danswer
OAuth is controlled by 3 environment variables, regardless of deployment choice (non-containerized, docker compose, kubernetes). To turn the feature on set:
OAUTH_CLIENT_ID=<your client id from above>
OAUTH_CLIENT_SECRET=<your client secret from above>
- If setting up in production, then:
WEB_DOMAIN=<your domain including protocol e.g. https://www.danswer.ai>
Simply set the above environment variables when running the different Danswer processes.
- The backend api server uses the 3 environment variables
- The frontend hits the api server to determine what user authentication setting is configured and serves the relevant pages.
Simply set the 4 environment variables in a file called .env under danswer/deployment/docker_compose.
Kubernetes deployment was designed for production use and assumes that user Auth is a required feature therefore it is
on by default. To set up the required values, replace the
REPLACE-THIS values in secrets.yaml with thebase64 encoded
client ID and client secret from above.