Google integration using OAuth 2.0 authentication
Like many web services, Google APIs allow its clients to use OAuth 2.0 as an authentication method.
In this tutorial we will focus on how to configure of a Google Project to be able to use the OAuth 2.0 authentication to call Google APIs calls from RunMyProcess.
Once the Google project is configured, you will be able to use the techniques described in the Dropbox tutorial to perform the authorization and to configure your processes.
Setting up your Google application
The first step to be able to access the Google APIs using OAuth 2.0 is to register your application to Google. This will allow you
- to create a
- to create a
- to configure the consent screen the end user will be presented during the autorization phase
- to set a redirection URL for the authorization phase
- to specify the scopes you want to access
To create your new Google application, please go to the Google Developers Console, and click the
Create Project button.
Create the credentials by clicking on
APIs & auth and then on
Credentials in order to create a new OAuth client key.
When asked, choose to create a
Web Application application. This will enable you to configure the consent screen.
Configure your consent screen that will be used by Google to ask the end user if he / she allows RunMyProcess to access its data. The consent screen lists precisely which data can be accesse d by the application, or in other words the scopes of the application.
After configuring the consent screen, you will be redirected back to the OAuth client id wizard to configure the redirect uri. This redirect uri should be a RunMyProcess application. This will enable your RunMyProcess application to get the
authorization code which is the main outcome of the authorization phase. This
authorization code can then be exchanged to an
access token that will authenticate calls to the Google APIs.
It is important to note that you may configure several redirection uri, meaning that you can use the same Google application or project for different RunMyProcess applications.
Once created, the
client id will appear on the Credentials page
To complete the configuration of the Google project, you must choose the Google APIs your application will need to access. This information should match the
scopes parameter that you'll use in the authorization phase.
To configure the APIs, go to
APIs & auth and its
APIs submenu. Click on an API to enable it.
Once you have enable all the APIs that you want to access through your Google project, you can visualize them in the
Enabled APIs tab. In this example we have only enabled the
Calendar API. All the other APIs were enabled by default.
In order to perform the authorization phase of the OAuth 2.0 protocol, you need to store on RunMyProcess the
client_secret that have been created. Those credentials should be stored securely, by using for example the project vault APIs.
You should also create an web interface that will launch the authorization page as explained in the Dropbox tutorial. You should also have created a web interface which url will be used by Google for redirection after the end user consent. Those two web interfaces can be identical : it all depends on the authorization flow that you want to create for the end user.
The official OAuth 2.0 specifications
The official OAuth 2.0 web site