Social auth configuration
Note: This is a paid feature available for Enterprise clients.
You can now easily set up authentication with popular social services, which opens doors to such benefits as:
- Convenience: you can use the existing social service credentials to sign in to CVAT.
- Time-saving: with just two clicks, you can sign in without the hassle of typing in сredentials, saving time and effort.
- Security: social auth service providers have high-level security measures in place to protect your accounts.
Currently, we offer three options:
- Authentication with Github.
- Authentication with Google.
- Authentication with Amazon Cognito.
With more to come soon. Stay tuned!
See:
- Enable authentication with a Google account
- Enable authentication with a GitHub account
- Enable authentication with an Amazon Cognito
Enable authentication with a Google account
To enable authentication, do the following:
-
Log in to the Google Cloud console
-
Create a project, and go to APIs & Services
-
On the left menu, select OAuth consent, then select User type (Internal or External), and click Create.
-
On the OAuth consent screen fill all required fields, and click Save and Continue.
-
On the Scopes screen, click Add or remove scopes and select
auth/userinfo.email
,auth/userinfo.profile
, andopenid
. Click Update, and Save and Continue.
For more information, see Configure Auth Consent. -
On the left menu, click Credentials, on the top menu click + Create credentials, and select OAuth client ID.
-
From the Application Type select Web application and configure: Application name, Authorized JavaScript origins, Authorized redirect URIs.
For example, if you plan to deploy CVAT instance onhttps://localhost:8080
, addhttps://localhost:8080
to authorized JS origins andhttps://localhost:8080/api/auth/social/goolge/login/callback/
to redirect URIs. -
Create configuration file in CVAT:
- Create the
auth_config.yml
file with the following content:
--- social_account: enabled: true google: client_id: <some_client_id> client_secret: <some_client_secret>
- Set
AUTH_CONFIG_PATH="<path_to_auth_config>
environment variable.
- Create the
-
In a terminal, run the following command:
docker compose -f docker-compose.yml -f docker-compose.dev.yml -f docker-compose.override.yml up -d --build
Enable authentication with a GitHub account
There are 2 basic steps to enable GitHub account authentication.
-
Open the GitHub settings page.
-
On the left menu, click <> Developer settings > OAuth Apps > Register new application.
For more information, see Creating an OAuth App -
Fill in the name field, set the homepage URL (for example:
https://localhost:8080
), and authentication callback URL (for example:https://localhost:8080/api/auth/social/github/login/callback/
). -
Create configuration file in CVAT:
- Create the
auth_config.yml
file with the following content:
--- social_account: enabled: true github: client_id: <some_client_id> client_secret: <some_client_secret>
- Set
AUTH_CONFIG_PATH="<path_to_auth_config>
environment variable.
- Create the
-
In a terminal, run the following command:
docker compose -f docker-compose.yml -f docker-compose.dev.yml -f docker-compose.override.yml up -d --build
Note: You can also configure GitHub App, but don’t forget to add required permissions.
In the Permission > Account permissions > Email addresses must be set to read-only.
Enable authentication with an Amazon Cognito
To enable authentication, do the following:
-
Create a user pool. For more information, see Amazon Cognito user pools
-
Fill in the name field, set the homepage URL (for example:
https://localhost:8080
), and authentication callback URL (for example:https://localhost:8080/api/auth/social/amazon-cognito/login/callback/
). -
Create configuration file in CVAT:
- Create the
auth_config.yml
file with the following content:
--- social_account: enabled: true amazon_cognito: client_id: <some_client_id> client_secret: <some_client_secret> domain: https://<domain-prefix>.auth.us-east-1.amazoncognito.com
- Set
AUTH_CONFIG_PATH="<path_to_auth_config>
environment variable.
- Create the
-
In a terminal, run the following command:
docker compose -f docker-compose.yml -f docker-compose.dev.yml -f docker-compose.override.yml up -d --build