How to Create Custom OAuths for Google Connectors

webMethods.io Integration lets you create custom OAuths for the supported Google connectors. This custom OAuths can then be used to configure supported triggers and actions.

When you are configuring an action or a trigger, you are prompted to select an existing account or create a new account. To create custom OAuth, click the + icon located beside the Authorize {connector_name} label. You will be redirected to the screen given below:

1-add-account.png

Here, you need to enter the relevant details associated with your Google service account to create custom OAuth.

Refer the below sections to retrieve the relevant details required to create a custom OAuth.

Retrieving Client ID and Client Secret

You need to have a relevant Google connector app in Google Cloud Platform to retrieve its Client ID and Client Secret. We will first understand how to create an app for a Google Connector (if you have already created an app, skip to step 4).

Let’s say you want to create an app for Dialogflow. To do this, follow the steps given below:

Step 1: Login to Google Cloud Platform and create a new project


First, login to Google Cloud Platform. You will be prompted to create a new project.

5-new-project.png

Once you have entered the relevant details, click Create. This will redirect you to the project dashboard.

Step 2: Enable service APIs


Click on the + ENABLE APIS AND SERVICES button.

6-add-apis.png

This will take you to the Google API library where you can view a list of all services supported by Google.

Click the service for which you want to create an app.

7-select-service.png

This will set up the selected service API in your account. Click on Enable to enable it for your account.

8-enable-app.png

Step 3: Set up OAuth Client ID

Once the API is enabled, you will be redirected to the API dashboard.

Click on the Credentials menu listed in the left-side panel, and then select the OAuth Client ID option from the CREATE CREDENTIALS dropdown menu.

9-set-up-oauth.png

You will be prompted to Configure the consent screen details. To do so, click the Configure consent screen button.

10-consent-screen.png

This will take you to OAuth Consent screen screen where you need to provide the following details:

Application type:
Specify whether you want to create a public or private application.

Application name:
Provide a suitable name for your application.

Authorized domains:
Enter the domain(s) for which you want to enable OAuth access.

11-oauth-set-up.png

Once this is done, click Save.

Set Application type to Web in the next screen that appears and specify the redirect URL in the Authorized redirect URIs field.

Note:
The redirect URI should match with the domain(s) you have specified in the previous screen.

12-redirect-uri.png

Once this is done, click Create. With this, your app will be successfully created.

Step 4: Retrieve Client ID and Client Secret


As soon as the app is created, you will see the Client ID and Client Secret in the pop-up window.

13-client-details.png

You can alternatively view the Client ID and Client Secret by navigating to relevant project dashboard, and clicking the Credentials menu listed in the left-side panel.

You will see the list of all existing OAuths clients.

2-app-creds.png


Locate the OAuth client of which Client ID and Client Secret keys you want to retrieve, and click on the Edit OAuth Client icon given against it.

3-edit-app.png

This will take you to the OAuth Client configuration screen where you can see the Client ID and Client secret for the selected app at the top of the page.

4-get-creds.png

Copy the Client ID and Client Secret from here and add them to the respective fields in the Add Account window.

Retrieving Access Token and Request Token

You can use services like Postman to retrieve the Access Token and Request Token. To do this, you need to perform two steps where you make two API requests to relevant Google service.

Step 1: Retrieve authorization code required to fetch access token and request token


Open Postman and set up the first request as given below:

Method: Get

Request URL: https://accounts.google.com/o/oauth2/v2/auth

Params:

KeyValue
client_id{Enter client_id}
redirect_uri{Enter redirect_uri}
response_typecode
scope{Enter relevant scope from this list}
include_granted_scopestrue
statepass through value
promptconsent
access_typeoffline

14-first-request.png


Once this is done, you will notice that the params passed by you are appended to the request URL. Copy this modified request URL, paste it in any browser, and hit enter.

You will be prompted to select the Gmail account you want to use. Once you do this, you will see the consent screen for the app created by you.

15-consent-screen.png

Click Allow. This will take you to the homepage of your app. Copy the value of the code key displayed in the address bar and save it in any text editor. We will need this key in the next step when we send the request to retrieve the Access Token and Request Token.

16-code.png

Step 2: Retrieve Access Token and Refresh Token


Open Postman and set up the second request as given below:

Method:
Post

Request URL:
https://www.googleapis.com/oauth2/v4/token

Params:

KeyValue
client_id{Enter client_id}
client_secret{Enter client_secret}
redirect_uri{Enter redirect_uri}
grant_typeauthorization_code
code{code retrieved from step 1}
17-second-call.png

Once you have entered all the details, click Send. This will return the Access Token and Request Token along with other details in the Body tab of the response.

18-access-token-and-request-token.png

Copy the Access Token and Request Token from here and add them to the respective fields in the Add Account window.

19-completed-form.png

Note: The value of Refresh URL will always be https://www.googleapis.com/oauth2/v4/token and the value of Grant Type will always be refresh_token for all Google connectors.

List of Scopes for Google Services

Table given below contains the scope(s) to be used while sending the first request in order to retrieve the Access Token and Refresh Token.

Note: Please use space separator in case of multiple scopes.

Service NameScope(s)
Gmailhttps://www.googleapis.com/auth/gmail.modify
https://www.googleapis.com/auth/gmail.readonly
https://www.googleapis.com/auth/gmail.compose
Dialogflowhttps://www.googleapis.com/auth/cloud-platform
https://www.googleapis.com/auth/dialogflow
Google Contactshttps://www.google.com/m8/feeds
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
Google Formshttps://spreadsheets.google.com/feeds/
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
https://www.googleapis.com/auth/drive.readonly
Google Taskshttps://www.googleapis.com/auth/tasks
https://www.googleapis.com/auth/tasks.readonly
https://www.googleapis.com/auth/taskqueue.consumer
https://www.googleapis.com/auth/taskqueue
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
Google Sheetshttps://spreadsheets.google.com/feeds/
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
https://www.googleapis.com/auth/drive.readonly
Google Drivehttps://www.googleapis.com/auth/drive.metadata
https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/drive.apps.readonly
https://www.googleapis.com/auth/drive.scripts
https://www.googleapis.com/auth/drive.install
https://www.googleapis.com/auth/drive.appdata
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
Google Calendarhttps://www.googleapis.com/auth/calendar
https://www.googleapis.com/auth/calendar.readonly
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
Google Apps Adminhttps://www.googleapis.com/auth/admin.directory.device.mobile
https://www.googleapis.com/auth/admin.directory.device.mobile.readonly
https://www.googleapis.com/auth/admin.directory.device.mobile.action
https://www.googleapis.com/auth/admin.directory.group.member
https://www.googleapis.com/auth/admin.directory.group.member.readonly
https://www.googleapis.com/auth/admin.directory.group
https://www.googleapis.com/auth/admin.directory.group.readonly
https://www.googleapis.com/auth/admin.directory.orgunit
https://www.googleapis.com/auth/admin.directory.orgunit.readonly
https://www.googleapis.com/auth/admin.directory.user
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.user.alias
https://www.googleapis.com/auth/admin.directory.user.alias.readonly
https://www.googleapis.com/auth/admin.directory.user.security
https://www.googleapis.com/auth/admin.directory.rolemanagement
https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly
https://www.googleapis.com/auth/admin.directory.userschema
https://www.googleapis.com/auth/admin.directory.userschema.readonly
https://www.googleapis.com/auth/admin.directory.notifications
https://www.googleapis.com/auth/admin.directory.customer
https://www.googleapis.com/auth/admin.directory.customer.readonly
https://www.googleapis.com/auth/admin.directory.domain
https://www.googleapis.com/auth/admin.directory.domain.readonly
https://www.googleapis.com/auth/admin.directory.resource.calendar
https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly
https://www.googleapis.com/auth/admin.directory.device.chromeos
https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly
Google Analyticshttps://www.googleapis.com/auth/analytics
https://www.googleapis.com/auth/analytics.edit
https://www.googleapis.com/auth/analytics.manage.users
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
Google Cloud PubSubhttps://www.googleapis.com/auth/pubsub
https://www.googleapis.com/auth/cloud-platform
Google Analytics Reportinghttps://www.googleapis.com/auth/analytics
https://www.googleapis.com/auth/analytics.edit
https://www.googleapis.com/auth/analytics.manage.users
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
Google BigQueryhttps://www.googleapis.com/auth/bigquery
https://www.googleapis.com/auth/bigquery.readonly
https://www.googleapis.com/auth/cloud-platform
https://www.googleapis.com/auth/devstorage.full_control
https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/devstorage.read_write
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
Google Translatorhttps://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
https://www.googleapis.com/auth/cloud-translation
https://www.googleapis.com/auth/cloud-platform
Google Cloud Storagehttps://www.googleapis.com/auth/devstorage.full_control
https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/devstorage.read_write
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile