Authenticate Matomo Users with Google OAuth
Matomo is a free and open-source alternative to Google Analytics. I have an instance of Matomo set up for some internal sites and some public sites.
Lately I've been obsessed with setting up Single-Sign-On (SSO) wherever I can. There is an official implementation that is developed by Matomo itself; however, this comes at the cost of an annual subscription fee. Since I'm not making an extra profit with Matomo, I don't want to spend hundreds of Canadian Rupees just to use SSO. Fortunately, I can utilize Google's OpenID Connect service with my Google Workspace account and a third-party plugin (dominik-th/matomo-plugin-LoginOIDC on github.com, "external authentication services for matomo").
The Login OIDC plugin is available from the Matomo Plugin Marketplace. The only issue I faced during install was related to the character set of the table created by the plugin. This can be solved by creating the table manually with the utf8mb4 charset before activating the plugin.
Once activated, the plugin can be configured to use Google's OAuth 2.0 authentication system.
Here's how I've configured my Matomo instance:
|Disable external login for super users||
|Disable direct login URL||
|Create new users when users try to log in with unknown OIDC accounts||
|Disable second factor with OIDC||
|Logout URL||Leave blank.|
|Client ID||Create a Google Cloud Platform project with OAuth 2.0 credentials.|
|Client Secret||Create a Google Cloud Platform project with OAuth 2.0 credentials.|
|Redirect URI Override||Leave blank.|
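An added example (not from the original post and not the plugin's code) of the claim checks that matter when "Create new users when users try to log in with unknown OIDC accounts" is used with a Google client: unless the OAuth app is restricted to the organization, a consumer Google account can also obtain a valid ID token, and only the `hd` claim tells the two apart. It assumes the token signature has already been verified; the function name, client ID, domain and claims are constructed for illustration.

```python
# Added example, not the plugin's code. Assumes the ID token signature was
# already verified; the client ID, domain and claims below are constructed.
import time

GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}
SAMPLE_NOW = 1_700_000_000
CLIENT_ID = "1234567890-example.apps.googleusercontent.com"  # placeholder

WORKSPACE_CLAIMS = {
    "iss": "https://accounts.google.com", "aud": CLIENT_ID,
    "sub": "110000000000000000001", "email": "analyst@example.com",
    "email_verified": True, "hd": "example.com", "exp": SAMPLE_NOW + 3600,
}
# Same token shape for a consumer account: Google omits the 'hd' claim.
CONSUMER_CLAIMS = {k: v for k, v in WORKSPACE_CLAIMS.items() if k != "hd"}
CONSUMER_CLAIMS.update(sub="110000000000000000002", email="someone@gmail.com")


def provisioning_decision(claims, client_id, allowed_domain, now=None):
    """Return (allowed, reason) for auto-creating a user from these claims."""
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        return False, "unexpected issuer"
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        return False, "token was issued to a different client"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "token expired"
    if claims.get("email_verified") is not True:
        return False, "email not verified"
    hd = claims.get("hd")
    if not isinstance(hd, str) or hd.lower() != allowed_domain.lower():
        return False, "account is outside the allowed Workspace domain"
    if not claims.get("sub"):
        return False, "missing subject"  # 'sub' is the stable key, not email
    return True, "ok"


if __name__ == "__main__":
    for name, claims in (("workspace", WORKSPACE_CLAIMS), ("consumer", CONSUMER_CLAIMS)):
        print(name, provisioning_decision(claims, CLIENT_ID, "example.com", now=SAMPLE_NOW))
```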
When creating a new Client ID for Web Application in the Google Cloud Platform Console, your Authorized Redirect URI will look like this: