General Setup for Google Cloud Platform

Enhanced Advanced

Configuring a Google OAuth integration in Posit Connect involves two main steps, each performed by different administrators.

Step 1: Google administrator

All OAuth integrations that use APIs from within Google Cloud Platform must start with registering an OAuth Client ID.

  1. The specific API permissions that need to be enabled in the Google Cloud project.
  2. The corresponding scopes that are passed on to the Connect administrator.

This page will walk through the process of configuring an OAuth Client ID in Google Cloud Platform and provide a list of API permissions and their corresponding scopes for the Google Cloud Platform OAuth integrations that Connect natively supports.

Create an OAuth Client ID

A Google Cloud Administrator registers an OAuth Client ID within a project by navigating to APIs & Services > Credentials > Create Credentials > OAuth Client ID, selecting “Web application”, and clicking “Create”.

From here, the following items must be configured within the OAuth Client ID:

  1. Client Secret. The Client Secret must be recorded to be passed on to the Connect Administrator.
  2. Authorized redirect URI. This should be set as https://connect.example.org/__oauth__/integrations/callback where connect.example.org is replaced with the address of the Connect server.
Note

Google requires Confidential OAuth clients. Public clients are not allowed.

Add API permissions

In the APIs & Services section, the GCP administrator adds the required permissions for the OAuth application. API permissions define the capabilities granted to the user when they request credentials from this OAuth application. These permissions are also referred to as scopes.

If a given API is not already enabled, a Google Cloud Administrator can do so by navigating to APIs & Services > Library, searching for the API, and clicking “Enable”.

Integration API Permission
Big Query BigQuery API
Drive Google Drive API
Sheets Google Sheets API
Vertex AI Vertex AI API

Transfer information to Connect administrator

The Google administrator shares the following information with the Posit Connect administrator:

Field Description
client_id The unique identifier of the Google Oauth application.
client_secret The secret string for the Google OAuth application.
scopes The permissions requested by Connect. See the discussion on Scopes below for additional details.

Step 2: Posit Connect administrator

After the Google administrator completes the steps listed in the General setup guide, they pass the necessary information (client_id, client_secret, scopes, etc) to the Connect administrator who follows the instructions in this guide to complete the process of setting up an OAuth integration.

Create OAuth integration in Posit Connect

Using the information from the Google administrator, the Posit Connect administrator creates an integration through the dashboard’s System > Integrations settings. Once the OAuth integration has been created in Connect, it is available for use by all publishers.

Create Google OAuth integration.

Alternatively, the example below shows how to create a Google BigQuery OAuth integration using curl and the Connect Server API. Replace connect.example.org with the address of the Connect server.

Terminal
curl -H "Authorization: Key ${CONNECT_API_KEY}" \
  -XPOST https://connect.example.org/__api__/v1/oauth/integrations \
  --data '{
    "template": "bigquery",
    "name": "Google Application",
    "description": "A helpful description for publishers to use when choosing an OAuth integration for their content.",
    "config": {
      "client_id": "<client-id>",
      "client_secret": "<client-secret>",
      "auth_mode": "Confidential",
      "scopes": "https://www.googleapis.com/auth/bigquery https://www.googleapis.com/auth/bigquery.insertdata"
    }
  }'
# 200 OK
# {"guid": "<oauth-integration-guid>", ... }

After the Google administrator completes the steps listed in the General setup guide, they pass the necessary information (client_id, client_secret, scopes, etc) to the Connect administrator who follows the instructions in this guide to complete the process of setting up an OAuth integration.

Create OAuth integration in Posit Connect

Using the information from the Google administrator, the Posit Connect administrator creates an integration through the dashboard’s System > Integrations settings. Once the OAuth integration has been created in Connect, it is available for use by all publishers.

Create Google Drive OAuth integration.

Alternatively, the example below shows how to create a Google Drive OAuth integration using curl and the Connect Server API. Replace connect.example.org with the address of the Connect server.

Terminal
curl -H "Authorization: Key ${CONNECT_API_KEY}" \
  -XPOST https://connect.example.org/__api__/v1/oauth/integrations \
  --data '{
    "template": "drive",
    "name": "Google Drive",
    "description": "A helpful description for publishers to use when choosing an OAuth integration for their content.",
    "config": {
      "client_id": "<client-id>",
      "client_secret": "<client-secret>",
      "auth_mode": "Confidential",
      "scopes": "https://www.googleapis.com/auth/drive"
    }
  }'
# 200 OK
# {"guid": "<oauth-integration-guid>", ... }

After the Google administrator completes the steps listed in the General setup guide, they pass the necessary information (client_id, client_secret, scopes, etc) to the Connect administrator who follows the instructions in this guide to complete the process of setting up an OAuth integration.

Create OAuth integration in Posit Connect

Using the information from the Google administrator, the Posit Connect administrator creates an integration through the dashboard’s System > Integrations settings. Once the OAuth integration has been created in Connect, it is available for use by all publishers.

Create Google Sheets OAuth integration.

Alternatively, the example below shows how to create a Google Sheets OAuth integration using curl and the Connect Server API. Replace connect.example.org with the address of the Connect server.

Terminal
curl -H "Authorization: Key ${CONNECT_API_KEY}" \
  -XPOST https://connect.example.org/__api__/v1/oauth/integrations \
  --data '{
    "template": "sheets",
    "name": "Google Sheets",
    "description": "A helpful description for publishers to use when choosing an OAuth integration for their content.",
    "config": {
      "client_id": "<client-id>",
      "client_secret": "<client-secret>",
      "auth_mode": "Confidential",
      "scopes": "https://www.googleapis.com/auth/spreadsheets https://www.googleapis.com/auth/drive"
    }
  }'
# 200 OK
# {"guid": "<oauth-integration-guid>", ... }

After the Google administrator completes the steps listed in the General setup guide, they pass the necessary information (client_id, client_secret, scopes, etc) to the Connect administrator who follows the instructions in this guide to complete the process of setting up an OAuth integration.

Create OAuth integration in Posit Connect

Using the information from the Google administrator, the Posit Connect administrator creates an integration through the dashboard’s System > Integrations settings. Once the OAuth integration has been created in Connect, it is available for use by all publishers.

Create Google OAuth integration.

Alternatively, the example below shows how to create a Google Vertex AI OAuth integration using curl and the Connect Server API. Replace connect.example.org with the address of the Connect server.

Terminal
curl -H "Authorization: Key ${CONNECT_API_KEY}" \
  -XPOST https://connect.example.org/__api__/v1/oauth/integrations \
  --data '{
    "template": "vertex-ai",
    "name": "Vertex AI Application",
    "description": "A helpful description for publishers to use when choosing an OAuth integration for their content.",
    "config": {
      "client_id": "<my-client-id.apps.googleusercontent.com>",
      "client_secret": "<client-secret>",
      "auth_mode": "Confidential",
      "scopes": "https://www.googleapis.com/auth/cloud-platform"
    }
  }'