OAuth.md
Using OAuth

Only complete this section if not authenticating via Service Account. See Authentication Methods for more details.

Create an OAuth credential

  1. Sign in to http://console.cloud.google.com/.
  2. From the hamburger menu on the left, select APIs & Services -> OAuth consent screen
  3. Select Internal for User Type
  4. Click Create
  5. Fill in your App name and User support email
  6. Scroll down to the Authorized Domains section
  7. Under Authorized domains, add the primary domain of your GWS organization.
  8. Add another email address for Developer contact information
  9. Click SAVE AND CONTINUE
  10. Do nothing on the Scopes screen, just click SAVE AND CONTINUE
  11. Review summary, then click BACK TO DASHBOARD
  12. Click Credentials from the menu on the left
  13. Click CREATE CREDENTIALS
  14. Select OAuth client ID
  15. Select Web application for Application type
  16. Give name as appropriate
  17. Under Authorized redirect URIs, click "ADD URI." Add http://localhost and http://localhost:8080/
  18. Click CREATE
  19. Click DOWNLOAD JSON from the resulting OAuth client created page
  20. Click OK
  21. Move the downloaded file (begins with client_secret*.json) to the root directory folder of this repo and rename it to credentials.json
  22. Go back to the menu on the left and click Enabled API Services
  23. In the center screen click ENABLE APIS AND SERVICES
  24. Search for and enable the Admin SDK API
  25. Search for and enable the Groups Settings API
  26. During the first run of this tool, your default web browser will open a page asking you to consent to the API scopes needed to run this tool. Sign in with an account with the necessary privileges and click Allow.
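
A sanity check for the file produced by steps 15, 17 and 21, given here as an added example that is not part of this repo's code. It assumes Google's standard client-secret JSON layout with a top-level "web" key; the function names and sample values are constructed for illustration.

```python
import json
import os
import stat
import sys
import tempfile
from urllib.parse import urlparse

# Redirect URIs registered in step 17 of the procedure above.
EXPECTED_REDIRECTS = {"http://localhost", "http://localhost:8080/"}
REQUIRED_FIELDS = ("client_id", "client_secret", "auth_uri", "token_uri")
LOOPBACK_HOSTS = ("localhost", "127.0.0.1", "::1")
# Constructed sample: placeholder values, not a real client.
SAMPLE_CLIENT = {
    "client_id": "000000000000-placeholder.apps.googleusercontent.com",
    "client_secret": "PLACEHOLDER-SECRET",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://oauth2.googleapis.com/token",
    "redirect_uris": ["http://localhost", "http://localhost:8080/"],
}

def check_credentials(path):
    """Return a list of findings for a downloaded OAuth client file."""
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    # The client is wrapped under "web" for a Web application (step 15).
    client = data.get("web")
    if client is None:
        return [f"top-level keys are {sorted(data)}, expected 'web' (step 15)"]
    findings = [f"missing field: {f}" for f in REQUIRED_FIELDS if not client.get(f)]
    redirects = set(client.get("redirect_uris", []))
    for uri in sorted(EXPECTED_REDIRECTS - redirects):
        findings.append(f"redirect URI not registered: {uri}")
    for uri in sorted(redirects):
        if urlparse(uri).hostname not in LOOPBACK_HOSTS:
            findings.append(f"non-loopback redirect URI: {uri}")
    # The file holds the client secret: keep it readable by the owner only.
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("file is readable by group/other; run chmod 600")
    return findings

def write_sample(client, mode=0o600):
    """Write a constructed credentials file to a temp path for the demo."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump({"web": client}, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else write_sample(SAMPLE_CLIENT)
    for finding in check_credentials(target) or ["no findings"]:
        print(finding)
```

Run it with the path to credentials.json as the only argument; with no argument it checks the constructed sample.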

Add the OAuth App to the allowlist

If you've limited application access to Google's APIs in your organization (the Common Controls: App Access to Google APIs baseline covers this topic), follow the directions below to allowlist the OAuth app.

  1. Log in to https://console.cloud.google.com
  2. Navigate to the appropriate project
  3. Select APIs & Services from the top left hamburger icon
  4. Select Credentials
  5. Copy your client ID under OAuth 2.0 Client IDs
  6. Now log in to admin.google.com and navigate to Security -> Access and Data Control -> API Controls -> Manage Third-Party App Access
  7. Select Add App -> OAuth App Name or Client ID
  8. Search by your OAuth client ID
  9. Select the App
  10. Select your root organization as the domain
  11. Select Trusted
