Articles in this section

See more

Connecting to the Google Cloud Platform via OAuth 2.0

Avatar
Rocco Pigneri
  • Updated
Follow

This article explains the concepts necessary to access Google web services data using Oauth2 authorization.

About OAuth

OAuth is an open standard for Internet users to log in to third party websites using their Google, Facebook, Microsoft, Twitter, One Network, etc. accounts without exposing their password.  OAuth 2.0 is the 2nd version of this standard and is not backwards compatible with OAuth 1.0 (The remainder of this article will refer to OAuth 2.0 simply as OAuth).

About Google Cloud Integration

Google provides 3rd party data access via their Cloud Platform data products and Developer APIs.   Examples of these data sources include Google Cloud storage, Google Sheets, Google Maps, Google Social, Google Mobile, YouTube, Google Advertising, Google Analytics, and other services.  The steps for other 3rd party data access will be similar in concept.

Process Flow Overview

OAuth essentially uses an access token in place of a password.  Because the access token expires, it is necessary to retrieve a new token periodically by calling a web service based on a static refresh token.   The refresh token is obtained through a manual, one-time process using Google's OAuth 2.0 playground and is simply a 45 character string.  Once obtained, it may be used as a parameter in your data flow for unlimited access to a user's Google account until the token is manually removed.  Once a refresh token is acquired, the user simply needs to enter the client ID, client secret, and refresh token as depicted in the data flow below and all mapped google applications will be available.

Obtaining Refresh Token

Four steps are required to obtain a refresh token using Google's Developer playground.  Once these are complete, you will have all the information you need to access Google API's via OAuth. 

  1. Create a google email account
  2. Create project
  3. Assign credentials to the project
  4. Choose available API’s for the project
  5. Get a refresh token

While performing these steps, make sure to capture the following 3 identifiers:

  • client_id
  • client_secret
  • refresh_token

 

Step 1: Create Google Account

1)    Create a Google email account if one does not exist.  

https://accounts.google.com/SignUp?hl=en

e.g. InfogixSampleOauth

Step 2: Create Project 

2)    Launch a browser, log into Google Console and then go to Google API Manager and select “Create a project”

API Manager Link = https://console.developers.google.com/projectselector/apis/credentials?pli=1

e.g. Project Name = InfogixSample

Project ID =  InfogixSample-144017

Step 3: Assign Credentials to Project 

3)    Click on “Create Credentials” and select “OAuth client ID”

You need credentials to access APIs. Enable the APIs you plan to use and then create the credentials they require.

4)    Select “Configure consent screen”

To create an OAuth client ID, you must first set a product name on the consent screen

5)    Enter product name and then “Save”

 

6)    Select “Web application” as Application Type, enter a Name

Note: In some version of IE browser the “Create” button is not enabled.  It is recommended this step is done in Chrome. 

7)       Enter the following in Authorized redirect URI: https://developers.google.com/oauthplayground

https://developers.google.com/oauthplayground

8)       Click Create

 

9)    Make a note of the Client ID and secret and select OK

 e.g. Client ID =

358111121864-oueakjhr76ijh2dbtdtu0ijbvfp1l48p.apps.googleusercontent.com

Client Secret = SUtXkt2DDeOd5KqBTXVJXvaW

Step 4: Choose Available APIs for the Project 

10)Select “Library” to view a list of available Google APIs. 

 

 

11)Select desired APIs and then select “Enable”

 

Step 5: Get a Refresh Token 

12)Login into Google’s OAuth Playground

https://developers.google.com/oauthplayground 

13)Click on the gear icon in the top-right corner of the page

a)       Click the checkbox for “Use your own OAuth credentials”

b)       Select “Offline” for Access Type

Use your own OAuth credentials, enter the client ID and client secret from above.

14)Select ALL desired APIs and then select “Authorize APIs”

 

15)Select "Exchange authorization code for tokens"

 Make note of the following

·         Authorization code

·         Refresh Token

·         Access Token

16)Remove temporary Oauth Playground

Now that you have a refresh token, you no longer need the OAuth 2.0 Playground to be an authorized redirect URI. If you want to remove it from the list of authorized redirect URLs:

Go to https://console.developers.google.com.

Click on your project.

Under APIs & auth -> Credentials, find your Client ID and click Edit settings.

Remove https://developers.google.com/oauthplayground from the Authorized redirect URIs. Note that you must leave at least one redirect URI in place.

Click Update.

17)Paste the following values into the graph parameters

·         Authorization code

·         Refresh Token

·         Access Token 

 

Example Code

You can find an example LNA below:

 

Comments

0 comments

Please sign in to leave a comment.



Powered by Zendesk