[Feature Request] Google SSO #360

Closed
opened 2026-02-04 18:41:49 +03:00 by OVERLORD · 7 comments
Originally created by @XStylus on GitHub (Sep 25, 2023).

I'd like to respectfully request support for Google SSO.

Our team uses Google Workspace, and I'd like to allow users to log in by clicking a "Log in With Google" link, or similar function.

Thank you!

OVERLORD added the enhancement label 2026-02-04 18:41:49 +03:00
@lorenz commented on GitHub (Oct 19, 2023):

This should work in the next release with my changes to the OIDC implementation in 743f2956c8c1855f98272add5548f93b75cb4440

@meltyshev commented on GitHub (Oct 19, 2023):

Released: https://github.com/plankanban/planka/releases/tag/v1.14.0. Now you can try to set up Google SSO.
@meltyshev commented on GitHub (Oct 19, 2023):

I've just tried setting up SSO via Google, and for some reason `code` is returned in the query parameters rather than in the fragment. But if I try to take the `code` from the query parameters, everything works fine. Is this a Google problem or am I doing something wrong in the settings?

@lorenz commented on GitHub (Oct 19, 2023):

Can you post the authorization request URL used (it doesn't contain any private data)?
@meltyshev commented on GitHub (Oct 19, 2023):

`https://accounts.google.com/o/oauth2/v2/auth?client_id=XXX&scope=openid%20email%20profile&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Foidc-callback&response_mode=fragment`

`http://localhost:3000/oidc-callback?code=XXX&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+openid&authuser=0&prompt=none`

UPD: probably we need to add `response_mode` to the env variables and take the `code` depending on the setting, or just always use `query` to cover more providers, but it's hard for me to imagine if there could be security issues with `query`.

@lorenz commented on GitHub (Oct 19, 2023):

That's really weird, Google should be returning this as a fragment, not a query string. [The standard](https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html) very clearly says that our request is compliant and it is AFAIK mandatory-to-implement for OIDC (but not OAuth 2.0). Google claims to be [OIDC certified](https://developers.google.com/identity/openid-connect/openid-connect), but from what I can tell the test suite does not really exercise this.

There is no harm in falling back to also looking at the query parameters if no fragment is available, but this is IMO really on Google.

@meltyshev commented on GitHub (Oct 20, 2023):

Tested and released the fix: https://github.com/plankanban/planka/releases/tag/v1.14.1
Reference: starred/planka#360