Google: OAuth2 generic

This document contains instructions for creating a generic OAuth2 Google credential for use with custom operations.

Prerequisites

Set up OAuth

Create a new credential in Mosaic Workflows

  1. Follow the steps to Create a credential . If you create a credential by selecting Create new in the credentials dropdown in a node, Mosaic Workflows automatically creates the correct credential type for that node. If you select Credentials > New , you must browse for the credential type. To create a credential for a custom API call , select Google OAuth2 API . This allows you to create a generic credential, then set its scopes.
  2. Note the OAuth Redirect URL from the node credential modal. You'll need this in the next section.
  3. You must provide the scopes for this credential. Refer to Scopes for more information.

Set up OAuth in Google Cloud

  1. Go to Google Cloud Console and make sure you're in the project you want to use.
  2. Select + CREATE CREDENTIALS > OAuth client ID . .
  3. In the Application type dropdown, select Web application . Google automatically generates a name.
  4. Under Authorizes redirect URIs , select + ADD URI . Paste in the OAuth redirect URL from the previous step.
  5. Select CREATE .
  6. Enable each Google service API that you want to use:
    1. If using Google Perspective or Google Ads: Request API Access for Perspective or a Developer Token for Ads .
    2. Access your Google Cloud Console - Library . Make sure you're in the correct project.
  7. Search for and select the API(s) you want to enable. For example, for the Gmail node, search for and enable the Gmail API.
  8. Select ENABLE .

Create and test your connection

In Mosaic Workflows:

  1. Enter your new Client ID and Client Secret from Google Cloud Console in the credentials modal.
  2. Select Sign in with Google to complete your Google authentication.
  3. Save your new credentials.

Scopes

Many Google services have multiple possible access scopes. A scope limits what a user can do. Refer to OAuth 2.0 Scopes for Google APIs for a list of scopes for all services.

Mosaic Workflows doesn't support all scopes. When creating a generic Google OAuth2 API credential, you can enter scopes from the list. If you enter a scope that Mosaic Workflows doesn't already support, it won't work.

Supported scopes
Service Available scopes
Gmail https://www.googleapis.com/auth/gmail.labels
https://www.googleapis.com/auth/gmail.addons.current.action.compose
https://www.googleapis.com/auth/gmail.addons.current.message.action
https://mail.google.com/
https://www.googleapis.com/auth/gmail.modify
https://www.googleapis.com/auth/gmail.compose
Google Ads https://www.googleapis.com/auth/adwords
Google Analytics https://www.googleapis.com/auth/analytics
https://www.googleapis.com/auth/analytics.readonly
Google Big Query https://www.googleapis.com/auth/bigquery
Google Books https://www.googleapis.com/auth/books
Google Calendar https://www.googleapis.com/auth/calendar
https://www.googleapis.com/auth/calendar.events
Google Cloud Natural Language https://www.googleapis.com/auth/cloud-language
https://www.googleapis.com/auth/cloud-platform
Google Cloud Storage https://www.googleapis.com/auth/cloud-platform
https://www.googleapis.com/auth/cloud-platform.read-only
https://www.googleapis.com/auth/devstorage.full_control
https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/devstorage.read_write
Google Contacts https://www.googleapis.com/auth/contacts
Google Docs https://www.googleapis.com/auth/documents
https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/drive.file
Google Drive https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/drive.appdata
https://www.googleapis.com/auth/drive.photos.readonly
Google Firebase Cloud Firestore https://www.googleapis.com/auth/datastore
https://www.googleapis.com/auth/firebase
Google Firebase Realtime Database https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/firebase.database
https://www.googleapis.com/auth/firebase
Google Perspective https://www.googleapis.com/auth/userinfo.email
Google Sheets https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/spreadsheets
Google Slide https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/presentations
Google Tasks https://www.googleapis.com/auth/tasks
Google Translate https://www.googleapis.com/auth/cloud-translation
GSuite Admin https://www.googleapis.com/auth/admin.directory.group
https://www.googleapis.com/auth/admin.directory.user
https://www.googleapis.com/auth/admin.directory.domain.readonly
https://www.googleapis.com/auth/admin.directory.userschema.readonly

Troubleshooting

Google hasn't verified this app

If using the OAuth authentication method, you might see the warning Google hasn't verified this app. To avoid this, you can create OAuth credentials from the same account you want to authenticate.

If you need to use credentials generated by another account (by a developer or another third party), follow the instructions in Google Cloud documentation | Authorization errors: Google hasn't verified this app.

Google Cloud app becoming unauthorized

For Google Cloud apps with Publishing status set to Testing and User type set to External, consent and tokens expire after seven days. Refer to Google Cloud Platform Console Help | Setting up your OAuth consent screen for more information. To resolve this, reconnect the app in the Mosaic Workflows credentials modal.