Skip to main content

How to set up Google OAuth 2.0 for Spotipo captive portal

Written by Matija Farkaš

Create Google API credentials for OAuth

First, before you even do anything in Spotipo, you need to create OAuth client ID credentials, which you will then use later to set this up in Spotipo.

First, you need to create a Consent screen if you haven't done so already.

To create new credentials, go to Google Console to obtain credentials for Oatuh 2.0. Then, go to Credentials section and create new OAuth client ID credentials.

If you haven't already done this, Google will ask you to add some app information and accept their T&C. Make sure you do that as below.

Filling in app information

Mark the audience as Internal.

For the rest, use any name and credentials that you'd like. And agree to Google Terms and services.

Adding new OAuth credentials

Now that you have this created, go to the clients tab, and create new OAuth Client ID. Set application type as Web application, as we require both secret and ID.

This will generate a new set of credentials. An ID and a secret.

!!!!!MAKE SURE TO WRITE THESE DOWN!!!!!

as secret credentials will go missing once you close the window.

Once that's done and you have everything written down. Proceed to Spotipo.

Set up SSO login in Spotipo

To enable SSO in spotipo, on your splash page editor, make sure to turn SSO (OAuth2) Login method on.

Once you have that turned on, proceed to Settings->SSO (OAuth 2) Login.

There, you'll be presented with a few fields. Make sure that the login type is set to Google. And fill in the rest of the credentials (ID and Secret) with the credentials generated on Google console.

Make sure to save the settings. If you've done everything correctly, OAuth2 should now be enabled for your organization.

Only thing left to do is to whitelist google domains in your router of choice.

Whitelisting domains

Before testing the portal out, make sure to enable the following domains in your router's settings for a captive portal.

accounts.google.com
googleapis.com
apis.google.com
gstatic.com

Add this alongside all the previous domains you have whitelisted for the portal. But do not delete previously set up ones.

Test the portal

Since some google domains are now whitelisted, android devices won't be able to have portal open up automatically. Instead, they should visit non https sites, like http://neverssl.com to have the portal trigger. After that, authentication can be done successfully.

To test the new login method with the portal, simply connect to your wifi that should have Oauth 2 set up, or test it using the Demo page in Spotipo.

Once you have done that, simply click on the "Login with a Service" (or just Sign in if this the only login method for you).

Then, try to log in with google Oauth and see if it works.

In case of any issues, feel free to contact us via chat in the bottom right, or by writing to us at [email protected] . We are always happy to help.

Did this answer your question?