×

Please give details of the problem

Docs

Find

Google integration using OAuth 2.0 authentication

Like many web services, Google APIs allow its clients to use OAuth 2.0 as an authentication method.

In this tutorial we will focus on how to configure of a Google Project to be able to use the OAuth 2.0 authentication to call Google APIs calls from RunMyProcess.

Once the Google project is configured, you will be able to use the techniques described in the Dropbox tutorial to perform the authorization and to configure your processes.

Setting up your Google application

The first step to be able to access the Google APIs using OAuth 2.0 is to register your application to Google. This will allow you

  • to create a client id
  • to create a client secret
  • to configure the consent screen the end user will be presented during the autorization phase
  • to set a redirection URL for the authorization phase
  • to specify the scopes you want to access

To create your new Google application, please go to the Google Developers Console, and click the Create Project button.

Google Project Creation

Credentials configuration

Create the credentials by clicking on APIs & auth and then on Credentials in order to create a new OAuth client key.

Create Credentials

When asked, choose to create a Web Application application. This will enable you to configure the consent screen.

Web App

Configure your consent screen that will be used by Google to ask the end user if he / she allows RunMyProcess to access its data. The consent screen lists precisely which data can be accesse d by the application, or in other words the scopes of the application.

Consent Screen

After configuring the consent screen, you will be redirected back to the OAuth client id wizard to configure the redirect uri. This redirect uri should be a RunMyProcess application. This will enable your RunMyProcess application to get the authorization code which is the main outcome of the authorization phase. This authorization code can then be exchanged to an access token that will authenticate calls to the Google APIs.

It is important to note that you may configure several redirection uri, meaning that you can use the same Google application or project for different RunMyProcess applications.

Redirect Uri

Once created, the client id will appear on the Credentials page

Credentials

Scopes configuration

To complete the configuration of the Google project, you must choose the Google APIs your application will need to access. This information should match the scopes parameter that you'll use in the authorization phase.

To configure the APIs, go to APIs & auth and its APIs submenu. Click on an API to enable it.

Scope

Once you have enable all the APIs that you want to access through your Google project, you can visualize them in the Enabled APIs tab. In this example we have only enabled the Calendar API. All the other APIs were enabled by default.

Scope2

RunMyProcess configuration

In order to perform the authorization phase of the OAuth 2.0 protocol, you need to store on RunMyProcess the client_id and client_secret that have been created. Those credentials should be stored securely, by using for example the project vault APIs.

You should also create an web interface that will launch the authorization page as explained in the Dropbox tutorial. You should also have created a web interface which url will be used by Google for redirection after the end user consent. Those two web interfaces can be identical : it all depends on the authorization flow that you want to create for the end user.

See also

The official OAuth 2.0 specifications

The official OAuth 2.0 web site

Google OAuth2 documentation

The Dropbox Oauth 2.0 integration tutorial

The RunMyProcess Freemarker API documentation, where you can find the documentation of the project vault API and OAuth service tokens API in the Request section.