Skip to content

OAuth Login with Github and Google

Ozzie Isaacs edited this page May 2, 2024 · 13 revisions

Setup

As prerequiste you need to install the dependencies listed in optional-requirements.txt in the Kobo integration section.

Setup Github as Oauth provider

The server hosting Calibre-Web has to be accessible via Internet to use this feature. Enable the OAuth login in Admin section -> Basic configuration -> Feature Configuration. You will see 2 new configuration fields poping up, and a link for creating the necessary settings on Github. After following the link, please create a new OAuth application by clicking on "New OAuth app". The following screenshot shows the relevant settings.

Settings

The Callback routine has to end with login/github/authorized (example above is for a Calibre-Web instance living in subfolder Calibre-Web). After clicking on "Register application" Github will present you the Client ID and Client secret values. If your Callback routine is a non encrypted endpoint, Calibre-Web will deny accepting tokens for this endpoint. You can overwrite the encrpytion check by setting an enviroment variable with the name OAUTHLIB_INSECURE_TRANSPORT. This is for obvious reasons ** NOT recommended** for productive systems.

Keys

Please enter both values in the corresponding fields in Calibre-Web. After pressing save, the OAuth login is ready to use. Each user has afterwards to link his Github account to Calibre-Web. This is done by going to the user's profile page. There you see a "Link" Buttn, by clicking on this, you will redirect to Github, where you are asked to enter your Github username and Github password. Github will now redirect you back to Calibre-Web and the buttons text changes to "Unlink". By clicking on "Unlink" you remove the Github account from your user's account and it's no longer possible to login to this user with the Github account.

If you log out from Calibre-Web, you will see a little Github account on the login page, by clicking the logo, you will redirect to Github. By entering a Github username and Github password you are logged in to the corresponding linked Calibre-Web user.

Setup Google as Oauth provider

Go to the Google Developer console and create a project. After doing so, click on Credentials, and Create Credentials. Select Oauth client ID. Select Web application as Application type. In the Authorized redirect URIs add your callback URI, it should end with login/google/authorized. After clicking on Create a popup opens displaying your client ID and your Client secret. Copy this information in the corresponding fields in Calibre-Web. You should see the Application in the OAuth 2.0 Client IDs table section. After closing the popup you can copy the Client ID from the displayed table. To get the client secrect you have to download the config (with the little arrow pointing downwards symbol and search for the text client_secret in the downloaded file. Important: To make the OAuth Login working with Google you should set the OAUTHLIB_RELAX_TOKEN_SCOPE environment variable. Otherwise the verification fails with an Internal Server Error ... "Warning: Scope has changed from..." in Calibre-Web.