Omen
Omen•14mo ago

Setting up oauth resources for gdrive/gsheets on self-hosted

Hi, I'm trying to set up google sheets and google drive oauth resources on my self-hosted windmill but need some help with the last steps. I followed the setup OAuth and SSO guide, added the relevant OAuth clients on google side and set up OAuth in Superardmin Settings -> Instance Settings -> SSO/OAuth. When it comes to adding the actual resources, they're not listed under OAuth APIs, and only in the Others category. When I use the gdrive/gsheets resource from that category, the resource does not appear to work as expected when I use it together in scripts.
Setup OAuth and SSO | Windmill
Windmill supports Single Sign-On for Microsoft, Google, GitHub, GitLab, Okta, and domain restriction.
No description
14 Replies
Omen
Omen•14mo ago
Hi @rubenf @Faton, please let me know if I should add anything to make this problem report more clear, thank you
rubenf
rubenf•14mo ago
Thanks for the report, we are a bit bottlenecked by customer requests at the moment but I will take a look ASAP I cannot reproduce your issue btw maybe your server logs contain clues but there isn't much we can do right now without us being able to reproduce it
Omen
Omen•14mo ago
Hi @rubenf, I've done a fresh server set-up with all steps from the guide. This seems to happen whenever building OAuth clients fails, as seen from the logs.
2023-09-28T20:52:00.580182Z INFO windmill: Base URL setting change detected
2023-09-28T20:52:00.589332Z INFO windmill_api::oauth2: OAuth loaded clients: gsheets, gdrive
2023-09-28T20:52:00.589384Z ERROR windmill_api::oauth2: Error building oauth client gsheets: Invalid redirect URL: relative URL without a base
2023-09-28T20:52:00.589402Z ERROR windmill_api::oauth2: Error building oauth client gdrive: Invalid redirect URL: relative URL without a base
2023-09-28T20:52:00.589408Z INFO windmill_api::oauth2: Final oauth config: AllClients {
logins: {},
connects: {},
slack: None,
}
2023-09-28T20:52:00.580182Z INFO windmill: Base URL setting change detected
2023-09-28T20:52:00.589332Z INFO windmill_api::oauth2: OAuth loaded clients: gsheets, gdrive
2023-09-28T20:52:00.589384Z ERROR windmill_api::oauth2: Error building oauth client gsheets: Invalid redirect URL: relative URL without a base
2023-09-28T20:52:00.589402Z ERROR windmill_api::oauth2: Error building oauth client gdrive: Invalid redirect URL: relative URL without a base
2023-09-28T20:52:00.589408Z INFO windmill_api::oauth2: Final oauth config: AllClients {
logins: {},
connects: {},
slack: None,
}
Omen
Omen•14mo ago
With those logs in mind I'll try to figure out what's wrong on the redirect URL side. For this use-case I have two oauth clients on google side with these redirect URLs https://myDomain.xyz/oauth/callback/gsheets https://myDomain.xyz/oauth/callback/gdrive
rubenf
rubenf•14mo ago
Did you set base url ?
Omen
Omen•14mo ago
In the .env file I've defined WM_BASE_URL=https://mydomain.xyz This is the CaddyFile
mydomain.xyz {
reverse_proxy /ws/* http://lsp:3001
reverse_proxy /* http://windmill_server:8000
}
mydomain.xyz {
reverse_proxy /ws/* http://lsp:3001
reverse_proxy /* http://windmill_server:8000
}
Do note that for some reason https doesn't seem to kick in either
rubenf
rubenf•14mo ago
You should do it from the super admin settings
Omen
Omen•14mo ago
It's also defined in super admin settings, yeah
rubenf
rubenf•14mo ago
That error is because base_url is not set
Omen
Omen•14mo ago
Hm that's strange indeed. The base_url is defined and stored similar to as seen in screenshot attached. The actual domain for the windmill server subdomain.mydomain.xyz and is set up as such on all ends. Could the use of subdomains be the cause of the issue?
No description
rubenf
rubenf•14mo ago
You need to use http:// or https:// That's not a base url otherwise
Omen
Omen•14mo ago
God damn, yes that was it I guess a regex to slap people in the face for not using http:// or https:// like me would be a blessing for this step Thanks for your time resolving this
rubenf
rubenf•14mo ago
Sure, wanna contribute it ? 🙂
Omen
Omen•14mo ago
Guess that kind of contribution is just a LLM prompt away, but yeah I'll def. look into the repo for a PR once I wrapped my head around the entire tool