General Setup for Google Cloud Platform
Configuring a Google OAuth integration in Posit Connect involves two main steps, each performed by different administrators.
- Step 1: A Google administrator registers an OAuth Client ID in a Google Cloud Platform project.
- Step 2: A Posit Connect administrator creates an OAuth integration within Connect.
Step 1: Google administrator
All OAuth integrations that use APIs from within Google Cloud Platform must start with registering an OAuth Client ID.
- The specific API permissions that need to be enabled in the Google Cloud project.
- The corresponding scopes that are passed on to the Connect administrator.
This page will walk through the process of configuring an OAuth Client ID in Google Cloud Platform and provide a list of API permissions and their corresponding scopes for the Google Cloud Platform OAuth integrations that Connect natively supports.
Create an OAuth Client ID
A Google Cloud Administrator registers an OAuth Client ID within a project by navigating to APIs & Services > Credentials > Create Credentials > OAuth Client ID, selecting “Web application”, and clicking “Create”.
From here, the following items must be configured within the OAuth Client ID:
- Client Secret. The Client Secret must be recorded to be passed on to the Connect Administrator.
- Authorized redirect URI. This should be set as
https://connect.example.org/__oauth__/integrations/callback
whereconnect.example.org
is replaced with the address of the Connect server.
Google requires Confidential OAuth clients. Public clients are not allowed.
Add API permissions
In the APIs & Services section, the GCP administrator adds the required permissions for the OAuth application. API permissions define the capabilities granted to the user when they request credentials from this OAuth application. These permissions are also referred to as scopes
.
If a given API is not already enabled, a Google Cloud Administrator can do so by navigating to APIs & Services > Library, searching for the API, and clicking “Enable”.
Integration | API Permission |
---|---|
Big Query | BigQuery API |
Drive | Google Drive API |
Sheets | Google Sheets API |
Vertex AI | Vertex AI API |
Transfer information to Connect administrator
The Google administrator shares the following information with the Posit Connect administrator:
Field | Description |
---|---|
client_id |
The unique identifier of the Google Oauth application. |
client_secret |
The secret string for the Google OAuth application. |
scopes |
The permissions requested by Connect. See the discussion on Scopes below for additional details. |
Step 2: Posit Connect administrator
After the Google administrator completes the steps listed in the General setup guide, they pass the necessary information (client_id
, client_secret
, scopes
, etc) to the Connect administrator who follows the instructions in this guide to complete the process of setting up an OAuth integration.
Create OAuth integration in Posit Connect
Using the information from the Google administrator, the Posit Connect administrator creates an integration through the dashboard’s System > Integrations settings. Once the OAuth integration has been created in Connect, it is available for use by all publishers.
Alternatively, the example below shows how to create a Google BigQuery OAuth integration using curl
and the Connect Server API. Replace connect.example.org
with the address of the Connect server.
Terminal
curl -H "Authorization: Key ${CONNECT_API_KEY}" \
-XPOST https://connect.example.org/__api__/v1/oauth/integrations \
--data '{
"template": "bigquery",
"name": "Google Application",
"description": "A helpful description for publishers to use when choosing an OAuth integration for their content.",
"config": {
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"auth_mode": "Confidential",
"scopes": "https://www.googleapis.com/auth/bigquery https://www.googleapis.com/auth/bigquery.insertdata"
}
}'
# 200 OK
# {"guid": "<oauth-integration-guid>", ... }
After the Google administrator completes the steps listed in the General setup guide, they pass the necessary information (client_id
, client_secret
, scopes
, etc) to the Connect administrator who follows the instructions in this guide to complete the process of setting up an OAuth integration.
Create OAuth integration in Posit Connect
Using the information from the Google administrator, the Posit Connect administrator creates an integration through the dashboard’s System > Integrations settings. Once the OAuth integration has been created in Connect, it is available for use by all publishers.
Alternatively, the example below shows how to create a Google Drive OAuth integration using curl
and the Connect Server API. Replace connect.example.org
with the address of the Connect server.
Terminal
curl -H "Authorization: Key ${CONNECT_API_KEY}" \
-XPOST https://connect.example.org/__api__/v1/oauth/integrations \
--data '{
"template": "drive",
"name": "Google Drive",
"description": "A helpful description for publishers to use when choosing an OAuth integration for their content.",
"config": {
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"auth_mode": "Confidential",
"scopes": "https://www.googleapis.com/auth/drive"
}
}'
# 200 OK
# {"guid": "<oauth-integration-guid>", ... }
After the Google administrator completes the steps listed in the General setup guide, they pass the necessary information (client_id
, client_secret
, scopes
, etc) to the Connect administrator who follows the instructions in this guide to complete the process of setting up an OAuth integration.
Create OAuth integration in Posit Connect
Using the information from the Google administrator, the Posit Connect administrator creates an integration through the dashboard’s System > Integrations settings. Once the OAuth integration has been created in Connect, it is available for use by all publishers.
Alternatively, the example below shows how to create a Google Sheets OAuth integration using curl
and the Connect Server API. Replace connect.example.org
with the address of the Connect server.
Terminal
curl -H "Authorization: Key ${CONNECT_API_KEY}" \
-XPOST https://connect.example.org/__api__/v1/oauth/integrations \
--data '{
"template": "sheets",
"name": "Google Sheets",
"description": "A helpful description for publishers to use when choosing an OAuth integration for their content.",
"config": {
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"auth_mode": "Confidential",
"scopes": "https://www.googleapis.com/auth/spreadsheets https://www.googleapis.com/auth/drive"
}
}'
# 200 OK
# {"guid": "<oauth-integration-guid>", ... }
After the Google administrator completes the steps listed in the General setup guide, they pass the necessary information (client_id
, client_secret
, scopes
, etc) to the Connect administrator who follows the instructions in this guide to complete the process of setting up an OAuth integration.
Create OAuth integration in Posit Connect
Using the information from the Google administrator, the Posit Connect administrator creates an integration through the dashboard’s System > Integrations settings. Once the OAuth integration has been created in Connect, it is available for use by all publishers.
Alternatively, the example below shows how to create a Google Vertex AI OAuth integration using curl
and the Connect Server API. Replace connect.example.org
with the address of the Connect server.
Terminal
curl -H "Authorization: Key ${CONNECT_API_KEY}" \
-XPOST https://connect.example.org/__api__/v1/oauth/integrations \
--data '{
"template": "vertex-ai",
"name": "Vertex AI Application",
"description": "A helpful description for publishers to use when choosing an OAuth integration for their content.",
"config": {
"client_id": "<my-client-id.apps.googleusercontent.com>",
"client_secret": "<client-secret>",
"auth_mode": "Confidential",
"scopes": "https://www.googleapis.com/auth/cloud-platform"
}
}'