Social auth configuration

Social accounts configuration guide.

Enable authentication with a Google account

To enable authentication, do the following:

  1. Log in to the Google Cloud console

  2. Create a project, and go to APIs & Services

  3. On the left menu, select OAuth consent, then select User type (Internal or External), and click Create.

  4. On the OAuth consent screen fill all required fields, and click Save and Continue.

  5. On the Scopes screen, click Add or remove scopes and select auth/userinfo.email, auth/userinfo.profile, and openid . Click Update, and Save and Continue.
    For more information, see Configure Auth Consent.

  6. On the left menu, click Credentials, on the top menu click + Create credentials, and select OAuth client ID.

  7. From the Application Type select Web application and configure: Application name, Authorized JavaScript origins, Authorized redirect URIs.
    For example, if you plan to deploy CVAT instance on https://localhost:8080, add https://localhost:8080 to authorized JS origins and https://localhost:8080/api/auth/google/login/callback/ to redirect URIs.
    Please make sure this URL matches GOOGLE_CALLBACK_URL settings variable on the server.

  8. Set environment variables in CVAT:

    1. Create docker-compose.override.yml with the following code:
    version: '3.3'
    services:
      cvat_server:
        environment:
          USE_ALLAUTH_SOCIAL_ACCOUNTS: 'True'
          SOCIAL_AUTH_GOOGLE_CLIENT_ID: '<YOUR_GOOGLE_CLIENT_ID>'
          SOCIAL_AUTH_GOOGLE_CLIENT_SECRET: '<YOUR_GOOGLE_CLIENT_SECRET>'
    
    1. In a terminal, run the following command:
    docker-compose -f docker-compose.yml -f docker-compose.override.yml up -d
    

Enable authentication with a Github account

There are 2 basic steps to enable Github account authentication.

  1. Open Github settings page.

  2. On the left menu, click <> Developer settings > OAuth Apps > Register new application.
    For more information, see Creating an OAuth App

  3. Fill in the name field, set the homepage URL (for example: https://localhost:8080), and authorization callback URL (for example: https://localhost:8080/api/auth/github/login/callback/).
    Please make sure this URL matches GITHUB_CALLBACK_URL settings variable on the server.

  4. Set environment variables in CVAT:

    1. Create docker-compose.override.yml with the following code:
    version: '3.3'
    services:
      cvat_server:
        environment:
          USE_ALLAUTH_SOCIAL_ACCOUNTS: 'True'
          SOCIAL_AUTH_GITHUB_CLIENT_ID: '<YOUR_GITHUB_CLIENT_ID>'
          SOCIAL_AUTH_GITHUB_CLIENT_SECRET: '<YOUR_GITHUB_CLIENT_SECRET>'
    
    1. In a terminal, run the following command:
    docker-compose -f docker-compose.yml -f docker-compose.override.yml up -d
    

Note: You can also configure Github App, but don’t forget to add required permissions.
In the Permission > Account permissions > Email addresses must be set to read-only.

You can also configure OAuth with other services, see Social Auth with Django services