Google OAuth
Vulnotes supports Google OAuth for organizations that use Google Workspace. Users can log in with their Google account instead of a separate password.

Setup
- Go to the Google Cloud Console and create an OAuth 2.0 client
- Set the authorized redirect URI to your Vulnotes callback URL (shown in the settings page)
- Copy the Client ID and Client Secret
- In Vulnotes, go to Administration > Settings > Authentication
- Enable Google OAuth and paste the Client ID and Client Secret

How login works
When Google OAuth is enabled, users see a Sign in with Google button on the login page. Clicking it opens the Google account selection screen. After selecting their account and granting access, they are redirected back to Vulnotes.
If the user does not have a Vulnotes account yet, one is created automatically with the default role, using their Google email and display name.

Restricting by domain
You can restrict Google OAuth to specific email domains. This ensures that only users from your organization (e.g. @company.com) can log in, preventing personal Gmail accounts from accessing your instance.
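
The sketch below shows the kind of check a domain restriction has to make on the claims of a Google ID token. It is an added example, not Vulnotes code: `check_domain`, the sample claims and the placeholder client ID are hypothetical, while `iss`, `aud`, `email`, `email_verified` and `hd` are the claim names Google issues. It assumes the token's signature, expiry and nonce were already verified by an OIDC library.

```python
# Added example, not Vulnotes code. Assumes the ID token's signature, expiry
# and nonce were already verified by an OIDC library; only claim checks here.
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}


def check_domain(claims, client_id, allowed_domains):
    """Return (allowed, reason) for verified Google ID token claims."""
    allowed = {d.strip().lower().lstrip("@") for d in allowed_domains}
    allowed.discard("")
    if claims.get("iss") not in GOOGLE_ISSUERS:
        return False, "unexpected issuer"
    if claims.get("aud") != client_id:
        return False, "token issued for another client"
    if claims.get("email_verified") is not True:
        return False, "email not verified"
    local, sep, email_domain = str(claims.get("email", "")).lower().rpartition("@")
    if not (local and sep and email_domain):
        return False, "malformed email"
    # Exact match: a suffix test would also accept notcompany.com.
    if email_domain not in allowed:
        return False, "email domain not allowed"
    # Google sets 'hd' only for Workspace/Cloud organization accounts, so an
    # account without it is rejected even when its address matches.
    if str(claims.get("hd", "")).lower() not in allowed:
        return False, "hosted domain missing or not allowed"
    return True, "ok"


# Constructed sample claims; the client ID is a placeholder.
CLIENT_ID = "example-client-id.apps.googleusercontent.com"
BASE = {"iss": "https://accounts.google.com", "aud": CLIENT_ID, "email_verified": True}
SAMPLES = {
    "workspace user": {**BASE, "email": "alice@company.com", "hd": "company.com"},
    "personal gmail": {**BASE, "email": "bob@gmail.com"},
    "lookalike domain": {**BASE, "email": "eve@notcompany.com", "hd": "notcompany.com"},
    "no hd claim": {**BASE, "email": "carol@company.com"},
    "other client": {**BASE, "aud": "other-app", "email": "dan@company.com", "hd": "company.com"},
}

if __name__ == "__main__":
    for name, claims in SAMPLES.items():
        print(name, check_domain(claims, CLIENT_ID, ["@company.com"]))
```

Because accounts are created automatically on first login, a check of this kind has to run before the account is provisioned.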
