# Google OAuth Setup Guide

## Overview
Your VIP Coordinator now includes Google OAuth authentication! This guide will help you set up Google OAuth credentials so users can log in with their Google accounts.

## Step 1: Google Cloud Console Setup

### 1. Go to Google Cloud Console
Visit: https://console.cloud.google.com/

### 2. Create or Select a Project
- If you don't have a project, click "Create Project"
- Give it a name like "VIP Coordinator"
- Select your organization if applicable

### 3. Enable Google+ API
- Go to "APIs & Services" → "Library"
- Search for "Google+ API" 
- Click on it and press "Enable"

### 4. Create OAuth 2.0 Credentials
- Go to "APIs & Services" → "Credentials"
- Click "Create Credentials" → "OAuth 2.0 Client IDs"
- Choose "Web application" as the application type
- Give it a name like "VIP Coordinator Web App"

### 5. Configure Authorized URLs
**Authorized JavaScript origins:**
```
http://bsa.madeamess.online:5173
http://localhost:5173
```

**Authorized redirect URIs:**
```
http://bsa.madeamess.online:3000/auth/google/callback
http://localhost:3000/auth/google/callback
```

### 6. Save Your Credentials
- Copy the **Client ID** and **Client Secret**
- You'll need these for the next step

## Step 2: Configure VIP Coordinator

### 1. Access Admin Dashboard
- Go to: http://bsa.madeamess.online:5173/admin
- Enter the admin password: `admin123`

### 2. Add Google OAuth Credentials
- Scroll to the "Google OAuth Credentials" section
- Paste your **Client ID** in the first field
- Paste your **Client Secret** in the second field
- Click "Save All Settings"

## Step 3: Test the Setup

### 1. Access the Application
- Go to: http://bsa.madeamess.online:5173
- You should see a Google login button

### 2. First Login (Admin Setup)
- The first person to log in will automatically become the administrator
- Subsequent users will be assigned the "coordinator" role by default
- Drivers will need to register separately

### 3. User Roles
- **Administrator**: Full system access, user management, settings
- **Coordinator**: VIP and schedule management, driver assignments
- **Driver**: Personal schedule view, location updates

## Troubleshooting

### Common Issues:

1. **"Blocked request" error**
   - Make sure your domain is added to authorized JavaScript origins
   - Check that the redirect URI matches exactly

2. **"OAuth credentials not configured" warning**
   - Verify you've entered both Client ID and Client Secret
   - Make sure you clicked "Save All Settings"

3. **Login button not working**
   - Check browser console for errors
   - Verify the backend is running on port 3000

### Getting Help:
- Check the browser console for error messages
- Verify all URLs match exactly (including http/https)
- Make sure the Google+ API is enabled in your project

## Security Notes

- Keep your Client Secret secure and never share it publicly
- The credentials are stored securely in your database
- Sessions last 24 hours as requested
- Only the frontend (port 5173) is exposed externally for security

## Next Steps

Once Google OAuth is working:
1. Test the login flow with different Google accounts
2. Assign appropriate roles to users through the admin dashboard
3. Create VIPs and schedules to test the full system
4. Set up additional API keys (AviationStack, etc.) as needed

Your VIP Coordinator is now ready for secure, role-based access!