Skip to main content

Sign-in with Google

This guide provides instructions on configuring Google authentication for the Exchange API Vault.
By integrating with Google, you can leverage centralized identity management and secure access control for your Exchange API Vault deployment.

1. Register 3 Applications in Google

To enable Google authentication, you need to register three applications in your Google project, one for each Vertex node in your MPC cluster.

Info

Three separate applications need to be registered in Google, one for each Vertex node in your MPC cluster, in order to preserve the distributed security model of the MPC cluster.
The user experience will remain seamless, as the Exchange API Vault frontend UI will take care of authenticating against all three applications behind the scenes, the user will only need to authenticate once.

Registering an Application

It is recommended to follow the official Google guide here.

At a high level, the steps are as follows:

  1. Sign in to the GCP console using an account with the necessary permissions to register applications (Application Developer permissions).
  2. Navigate to Google > APIs & Services > Credentials.
  3. Provide a name for the application (e.g., SodotNode1, SodotNode2, SodotNode3).
  4. (Optional) Specify a Redirect URI as shown in the next section.
  5. Click Register to create the application.
  6. You will now be able to see the Application (client) ID. Make sure to note these down as they will be needed later.

You will need to repeat this process to create a total of three applications, one for each Vertex node in your cluster.

2. Configure Redirect URIs for Each Application

After registering the applications, you need to configure the redirect URIs for each application.
The redirect URI is where Google will send authentication responses.
This should be set to the URL of the Exchange API Vault frontend UI (e.g., https://your-exchange-api-vault-frontend-url.com/auth/callback).
In case of local development, you can also set a local endpoint (e.g. http://localhost:3000/auth/callback) as a valid redirect URI.

The official Google guide for configuring redirect URIs can be found here.

Summary

You should now have:

  • 3 registered applications in Google, one for each Vertex node in your MPC cluster.
    • 3 Application (client) IDs - 1 for each Vertex node.
  • Configured redirect URIs for each application pointing to your Exchange API Vault frontend UI (or the desired redirect URI for a yet-to-be-deployed frontend UI).

The client IDs will be used during the deployment of the Exchange API Vault to enable Google authentication.