OAUTH CONFIGURATION GUIDE
=========================

This guide explains how to obtain the necessary credentials (Client ID and Client Secret) to enable Google and LinkedIn login on your platform.

1. GOOGLE OAUTH SETUP
---------------------

1. Go to Google Cloud Console:
   - Navigate to: https://console.cloud.google.com/apis/credentials

2. Create a Project:
   - If you haven't already, create a new project for your application.

3. Configure Consent Screen:
   - Go to "OAuth consent screen".
   - Select "External" (unless you are G-Suite only) and click Create.
   - Fill in required details (App name, User support email, Developer contact information).
   - Scopes: Add ".../auth/userinfo.email" and ".../auth/userinfo.profile".
   - Test Users: Add your own email to test while in "Testing" mode.

4. Create Credentials:
   - Go back to "Credentials" -> "+ create credentials" -> "OAuth client ID".
   - Application type: Web application.
   - Authorized JavaScript origins:
     * http://localhost:5173 (Frontend Dev)
     * http://localhost:5001 (Backend Dev)
     * https://your-production-domain.com
   - Authorized redirect URIs: (Critical!)
     * http://localhost:5001/api/auth/google/callback
     * https://your-production-domain.com/api/auth/google/callback
   - Note: Ensure the path matches exactly.

5. Copy Credentials:
   - Copy the "Client ID" and "Client Secret".


2. LINKEDIN OAUTH SETUP
-----------------------

1. Go to LinkedIn Developers:
   - Navigate to: https://www.linkedin.com/developers/apps

2. Create an App:
   - Click "Create app".
   - Fill in details (App name, LinkedIn Page, Logo).

3. Request Product Access:
   - Go to the "Products" tab.
   - Request access for "Sign In with LinkedIn using OpenID Connect". (Approvals are usually instant).

4. Configure Redirect URLs:
   - Go to the "Auth" tab.
   - Under "OAuth 2.0 settings", find "Authorized redirect URLs for your app".
   - Add:
     * http://localhost:5001/api/auth/linkedin/callback
     * https://your-production-domain.com/api/auth/linkedin/callback

5. Copy Credentials:
   - Under "Application credentials" (Auth tab), copy the "Client ID" and "Client Secret".


3. CONFIGURE YOUR PLATFORM
--------------------------

1. Log in as Super Admin.
2. Navigate to Admin Console -> System Settings.
3. Click on the "Authentication" tab.

4. Google Login:
   - Toggle "Enable Google Login" ON.
   - Paste your Client ID and Client Secret.

5. LinkedIn Login:
   - Toggle "Enable LinkedIn Login" ON.
   - Paste your Client ID and Client Secret.

6. Click "Save Settings".

The login buttons will now automatically appear on your Login and Registration pages!


4. PRODUCTION DEPLOYMENT (CRITICAL)
-----------------------------------

When deploying to production (e.g., https://v-soc.io), you MUST ensure the following Environment Variables are set on your backend server:

1. API_URL: The full public URL of your backend.
   - Example: https://v-soc.io (if backend shares domain)
   - Example: https://api.v-soc.io (if separate)

2. CLIENT_ORIGIN: The full public URL of your frontend.
   - Example: https://v-soc.io

If these are not set correctly, Google/LinkedIn will reject the login attempt with a redirect error.

Also, remember to add these Production URLs to your Google/LinkedIn Console:
- Authorized JavaScript origins: https://v-soc.io
- Authorized redirect URIs: https://v-soc.io/api/auth/google/callback