Configuring the OAuth server with Google - Cloud

Talend Cloud Data Catalog Administration Guide

Version: Cloud
Language: English
Product: Talend Cloud
Module: Talend Data Catalog
Content: Administration and Monitoring, Data Governance
Last publication date: 2024-01-17

In this example, the authorization server is the Google authorization server.

Before you begin

  • As an administrator, you have obtained OAuth 2.0 client credentials from the authorization server.
  • As an administrator, you have configured the authorization server.
  • You have been assigned a global role with the Security Administration capability.

Procedure

  1. Go to MANAGE > Users.
  2. In the Authentication field of the toolbar, select OAuth from the drop-down list.
  3. Click the Configure authentication icon next to the drop-down list.
  4. In the Connection tab, fill in the following fields.
    Note: In the Scope field, the email profile value indicates that you want to know the user’s email address and basic profile information.
  5. In the User Attribute Mapping tab, map Google's attributes to the Talend Cloud Data Catalog attributes.
  6. In the Request Headers tab, click Add header and enter extra parameters to be added in the HTTP requests to the external authentication server.
  7. In the Group Mappings tab, map the group attribute from the external user account to the Talend Cloud Data Catalog group name.
    To enable automatic group assignment, fill in the Groups attribute field with the name of the corresponding field in the user account information. Talend Cloud Data Catalog uses the value of this field as the security group assignment.
    The user account information is returned from the OAuth server to Talend Cloud Data Catalog after the OAuth server validates an access token upon a login request.
    You can also map individual values assigned to the OAuth attribute that maps to the Groups in Talend Cloud Data Catalog.
    You can use the wildcard ("%") when configuring the group mappings. The % matches zero or more characters.
    When populating an OAuth attribute for group assignment, you switch from native, manually managed group assignment to OAuth-driven, automatic group assignment for all OAuth users. As an OAuth user, you lose the previous native group assignment the next time you log in.

    When deleting the last OAuth attribute for group assignment, you switch from OAuth-driven group assignment to native group assignment. All OAuth users are associated with the Guest group until they are manually assigned to other groups.

  8. Save your changes.

Results

You can log in to Talend Cloud Data Catalog through Google.
Below is an example of the data that can be returned in JSON.

    {
      "sub": "110248495921238986420",
      "name": "Aaron Parecki",
      "given_name": "Aaron",
      "family_name": "Parecki",
      "picture": "https://lh4.googleusercontent.com/-kw-iMgD_j34/AAAAAAAAAAI/AAAAAAAAAAc/P1YY91tzesU/photo.jpg",
      "email": "aaron.parecki@okta.com",
      "email_verified": true,
      "locale": "en",
      "hd": "okta.com"
    }

As Google's attributes have been mapped to the Talend Cloud Data Catalog ones in User Attribute Mapping, you can see the user information retrieved from Google.
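
The following Python sketch is an added example, not Talend code: it dry-runs "%" group-mapping patterns of the kind described in step 7 against the sample response above, so that an over-broad pattern can be spotted before the mapping is saved. The mapping table, the group names, the choice of hd as the Groups attribute, and whole-value, case-sensitive matching are assumptions; verify them against your own instance.

```python
import re

# Subset of the sample user account information shown above.
USERINFO = {"email": "aaron.parecki@okta.com", "email_verified": True, "hd": "okta.com"}

# Constructed mapping table (pattern on the attribute value -> catalog group).
# Patterns and group names are hypothetical, not Talend defaults.
MAPPINGS = [
    ("okta.com", "Data Stewards"),
    ("%.okta.com", "Regional Stewards"),
    ("%okta.com", "All Okta"),
]

def wildcard_to_regex(pattern):
    """Translate a mapping pattern: '%' is zero or more characters, the rest is literal."""
    return re.compile(".*".join(re.escape(part) for part in pattern.split("%")), re.DOTALL)

def groups_for(userinfo, attribute, mappings):
    """Return the groups whose pattern matches the whole attribute value (assumed semantics)."""
    value = userinfo.get(attribute)
    if value is None:
        return []  # attribute missing from the response: no automatic assignment
    values = value if isinstance(value, list) else [value]
    matched = []
    for pattern, group in mappings:
        regex = wildcard_to_regex(pattern)
        if group not in matched and any(regex.fullmatch(str(v)) for v in values):
            matched.append(group)
    return matched

def also_matches(pattern, candidates):
    """List the candidate values a pattern would accept, to spot over-broad wildcards."""
    regex = wildcard_to_regex(pattern)
    return [c for c in candidates if regex.fullmatch(c)]

# Constructed look-alike values for auditing the patterns.
LOOKALIKES = ["eu.okta.com", "notokta.com", "okta.com.example"]

if __name__ == "__main__":
    print(groups_for(USERINFO, "hd", MAPPINGS))
    for pattern, group in MAPPINGS:
        print(pattern, "->", group, "also accepts", also_matches(pattern, LOOKALIKES))
```

A pattern that starts with % and has no literal separator after it, such as %okta.com, accepts any value ending in that text, while %.okta.com accepts only values with a dot before the suffix.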