- Getting Started
- Security Model
- Airflow Deployments
- Astro CLI
- Houston API
- Enterprise Edition
- Getting Started
Getting Create Google OAuth Creds
As of Astronomer v0.3, it uses Google OAuth to authenticate users. In order to get this setup you will need to create credentials to securely communicate with Google services
Note: We're also adding support for Auth0 very soon as an alternative OAuth provider to simplify installation.
Create OAuth Credentials
- A Google Account for accessing the GCP console
- Know the
baseDomainyou are installing Astronomer EE to. (ie. astro.yourdomain.com)
Step 1: Navigate to Google Cloud Platform
Visit the Google cloud console
Step 2: Create a project
If you already have an existing project you want to use, you can skip to Step 3
In the top nav, you will have a dropdown with a label of either a currently selected project or
Select a project.
Click this dropdown, which will open a project selection window. In this window, click the
Create project button in the top right.
This will direct you to a page to create a new project. Fill in the
Project Name field and click
Now you should have a new project and it should automatically be selected as your active project.
Step 3: Navigate to Credentials page
In the main menu, hover over the
APIs & Services item, and click on the sub-menu item of
Step 4: Update "OAuth consent screen"
Credentials page there will be three tabs. Click the center tab
OAuth consent screen. In this form, fill out the
Product name shown to users field. The value doesn't matter, but it must be set to create credentials.
Hit save in the bottom left of the form, and you should be ready to create your credentials
Step 5: Create "OAuth client ID"
Credentials page, click the left tab labeled
Credentials. Down the page will be a button labeled
Create credentials. Click this, which will open a dropdown. Hit the option labeled
OAuth client ID
Step 6: Create the OAuth credentials
You'll need to fill out some information to create the credentials. The important fields are outlined below:
Enter any name you want to give the credentials. This is just a label for the Google console to use.
Authorization redirect URIs
You need to whitelist the page in our Orbit UI your users will be redirected to after authenticating. This value should be:
So for instance, if your
astro.yourdomain.com, the value should be
Once these fields have been filled out, click the
Create button in the bottom left of the form.
Step 7: Copy your "clientID" and "clientSecret"
After creating your credentials, Google will redirect you back to the credentials page and popup a window with your newly created OAuth client credentials.
If you accidentally close this, or need to refer to them at a later date, clicking the name of the credentials you just created in the list of credentials on this page will display them.
You'll want to copy the clientID and clientSecret into the helm config file you are prepping for the Astronomer Helm install.