This article explains the concepts necessary to access Google web services data using Oauth2 authorization.
About OAuth
OAuth is an open standard for Internet users to log in to third party websites using their Google, Facebook, Microsoft, Twitter, One Network, etc. accounts without exposing their password. OAuth 2.0 is the 2nd version of this standard and is not backwards compatible with OAuth 1.0 (The remainder of this article will refer to OAuth 2.0 simply as OAuth).
About Google Cloud Integration
Google provides 3rd party data access via their Cloud Platform data products and Developer APIs. Examples of these data sources include Google Cloud storage, Google Sheets, Google Maps, Google Social, Google Mobile, YouTube, Google Advertising, Google Analytics, and other services. The steps for other 3rd party data access will be similar in concept.
Process Flow Overview
OAuth essentially uses an access token in place of a password. Because the access token expires, it is necessary to retrieve a new token periodically by calling a web service based on a static refresh token. The refresh token is obtained through a manual, one-time process using Google's OAuth 2.0 playground and is simply a 45 character string. Once obtained, it may be used as a parameter in your data flow for unlimited access to a user's Google account until the token is manually removed. Once a refresh token is acquired, the user simply needs to enter the client ID, client secret, and refresh token as depicted in the data flow below and all mapped google applications will be available.
Obtaining Refresh Token
Four steps are required to obtain a refresh token using Google's Developer playground. Once these are complete, you will have all the information you need to access Google API's via OAuth.
- Create a google email account
- Create project
- Assign credentials to the project
- Choose available API’s for the project
- Get a refresh token
While performing these steps, make sure to capture the following 3 identifiers:
- client_id
- client_secret
- refresh_token
Step 1: Create Google Account |
|
1) Create a Google email account if one does not exist. |
https://accounts.google.com/SignUp?hl=en e.g. InfogixSampleOauth |
Step 2: Create Project |
|
2) Launch a browser, log into Google Console and then go to Google API Manager and select “Create a project” |
API Manager Link = https://console.developers.google.com/projectselector/apis/credentials?pli=1 e.g. Project Name = InfogixSample Project ID = InfogixSample-144017 |
Step 3: Assign Credentials to Project |
|
3) Click on “Create Credentials” and select “OAuth client ID” |
You need credentials to access APIs. Enable the APIs you plan to use and then create the credentials they require. |
4) Select “Configure consent screen” |
To create an OAuth client ID, you must first set a product name on the consent screen |
5) Enter product name and then “Save” |
|
6) Select “Web application” as Application Type, enter a Name |
Note: In some version of IE browser the “Create” button is not enabled. It is recommended this step is done in Chrome. |
7) Enter the following in Authorized redirect URI: https://developers.google.com/oauthplayground |
https://developers.google.com/oauthplayground |
8) Click Create |
|
9) Make a note of the Client ID and secret and select OK |
e.g. Client ID = 358111121864-oueakjhr76ijh2dbtdtu0ijbvfp1l48p.apps.googleusercontent.com Client Secret = SUtXkt2DDeOd5KqBTXVJXvaW |
Step 4: Choose Available APIs for the Project |
|
10)Select “Library” to view a list of available Google APIs. |
|
11)Select desired APIs and then select “Enable” |
|
Step 5: Get a Refresh Token |
|
12)Login into Google’s OAuth Playground |
|
13)Click on the gear icon in the top-right corner of the page a) Click the checkbox for “Use your own OAuth credentials” b) Select “Offline” for Access Type |
Use your own OAuth credentials, enter the client ID and client secret from above. |
14)Select ALL desired APIs and then select “Authorize APIs” |
|
15)Select "Exchange authorization code for tokens" |
Make note of the following · Authorization code · Refresh Token · Access Token |
16)Remove temporary Oauth Playground |
Now that you have a refresh token, you no longer need the OAuth 2.0 Playground to be an authorized redirect URI. If you want to remove it from the list of authorized redirect URLs: Go to https://console.developers.google.com. Click on your project. Under APIs & auth -> Credentials, find your Client ID and click Edit settings. Remove https://developers.google.com/oauthplayground from the Authorized redirect URIs. Note that you must leave at least one redirect URI in place. Click Update. |
17)Paste the following values into the graph parameters |
· Authorization code · Refresh Token · Access Token |
Example Code
You can find an example LNA below:
Comments
0 comments
Please sign in to leave a comment.