Service Account
Setting up login via Google Service Account
This guide assumes you've already configured your Google credentials. If you haven't, follow the guide below to do that first:
Setup Google Credentials
Setup your Google Credentials for the application.
Setting up the Service Account and Credentials
First, from the menu bar on the side, navigate to the IAM & Admin section. In there, look for the Service Account section. Or directly visit here, and then select your project.
In there, click on + CREATE SERVICE ACCOUNT.
Here, you will see the form that requires you to fill all the details about your service account.
Once you've filled out the details, click on CREATE AND CONTINUE.
- Grant the roles in the account, based on the internal policies preferred by your organization.
- Click on continue.
- Optionally, you can allow a list of users to access the service account.
- Click on Done.
- Once the service account has been created, you'll be able to see it under the Service Accounts table in the Service Account section.
- In the Service Account table, where you can see your newly created service account, you will find an Actions column.
- Click on the three dots in the Actions column, and click on Manage Keys.
- In there, navigate to the keys tab.
- Click on ADD KEY, followed by clicking on Create New Key.
- Choose the json option for downloading the key file, and click on Create.
- Remember the Client id associated with this json file.
- Once the key file has been created, choose a reliable location for downloading the key file. This will be used for putting it in the .env of the application.
Enabling APIs
Switch to the new project you just created.
The first step is to enable the APIs which are needed for the app.
- From the menu in the sidebar, under the APIs and Services section, select Enabled APIs & Services.
- In the Enabled APIs & Services page, click on + Enable APIs & Services.
- You will now see a search box where you can search for the specific API that you want to enable (for example: Google Drive API).
- Once you search for an API, you will find a list of APIs.
- From the list of APIs, select the Google Drive API to enable, and then click on Enable in the API page.
- Once the API is enabled, you will see that the Enable button now changes to Manage. This means that the API has been enabled.
- When you go back to the Enabled APIs & Services page, you will see that the enabled API has appeared in the list.
Following the same steps above, enable the following APIs:
- Google Drive
- Google Calendar
- Google Slides
- Google Docs
- Google Sheets
- Gmail
- Contacts
- People
- Admin SDK
Setting up the OAuth Consent Screen
Once you've enabled the APIs, you'll also need to add the scopes for these APIs. For our app we only require readonly scopes for all the APIs.
For this, navigate to the OAuth Consent Screen in the sidebar of your Google Cloud Console:
Under OAuth Consent screen, select Internal:
Click on Create.
Under the App Information section, fill out the details:
- Provide a Name for the app (For ex: Xyne)
- Provide a User Support email (For ex: your-email@gmail.com)
- Upload an App Logo (if needed)
- Put your domain under Authorized domain (You can choose to go ahead with your localhost or AWS IP Address)
- Add Developer contact information (For ex: your-email@gmail.com)
Click Save and Continue.
Click on Save and Continue again.
Leave the next page, i.e. Test users, blank.
This concludes the setup of your OAuth Consent Screen for the service account.
Setting up Delegation
- Now that all of this is done, the Workspace Admin needs to do some delegations. Navigate to Domain Wide Delegation.
- Click on Add New.
- In there, paste the OAuth Client Id that you received when creating the service account key.
- Paste the following scopes:
- Click on Authorize.
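An added example, not part of the original guide or the application's own code: a pre-flight check that reads the downloaded key file, returns the Client id needed for the delegation step, warns when the file's permissions let other users read it, and flags delegation scopes that are not read-only. The sample key, the scope strings and the function names are constructed for illustration; the guide's own scope list is not reproduced here.

```python
import json
import os
import stat
import tempfile

REQUIRED = ("type", "client_id", "client_email", "private_key_id", "private_key")

# Constructed sample, shaped like a downloaded key file; every value is fake.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nFAKE\n-----END PRIVATE KEY-----\n",
    "client_email": "indexer@example-project.iam.gserviceaccount.com",
    "client_id": "100000000000000000000",
}


def inspect_key_file(path):
    """Return (client_id, client_email, warnings) for a service account key file."""
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    missing = [name for name in REQUIRED if not key.get(name)]
    if missing:
        raise ValueError(f"incomplete key file, missing: {missing}")
    if key["type"] != "service_account":
        raise ValueError(f"unexpected credential type: {key['type']!r}")
    warnings = []
    # The file holds a long-lived private key: only its owner should read it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        warnings.append(f"mode {mode:o} grants group/other access; use chmod 600")
    return key["client_id"], key["client_email"], warnings


def non_readonly_scopes(scopes):
    """Flag scopes not ending in .readonly (a naming heuristic, review each hit)."""
    return [s for s in (x.strip() for x in scopes) if s and not s.endswith(".readonly")]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "key.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(SAMPLE_KEY, fh)
        os.chmod(path, 0o644)  # deliberately too permissive, to show the warning
        print(inspect_key_file(path))
    base = "https://www.googleapis.com/auth/"
    print(non_readonly_scopes([base + "drive.readonly", base + "drive"]))
```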