Create OAuth2 developer application in Google
The Google Cloud administrator registers an OAuth Client ID in Google.
They will need the Posit Connect redirect URL which is defined as https://connect.example.org/__oauth__/integrations/callback
Replace connect.example.org
with the address of the Connect server.
The Connect Administrator must obtain the client ID and client secret from the Google Cloud administrator.
Google requires Confidential OAuth clients. Public clients are not allowed.
Transfer information to Connect administrator
The Google administrator shares the following information with the Posit Connect administrator:
Field | Description |
---|---|
client_id |
The unique identifier of the Google Oauth application. |
client_secret |
The secret string for the Google OAuth application. |
scopes |
The permissions requested by Connect. See the discussion on Scopes below for additional details. |
Scopes
APIs and Services that are enabled for your Google Cloud project can be set within your Connect OAuth integration using scopes. By default the read and write BigQuery API v2 scopes are included with the Google OAuth integration, but these can be modified to leverage all of Google’s APIs and services. For example, full access to Google Drive and Google Sheets requires the following scopes:
https://www.googleapis.com/auth/spreadsheets
https://www.googleapis.com/auth/drive
Read-only access to Google Drive and Google Sheets requires the following scopes:
https://www.googleapis.com/auth/spreadsheets.readonly
https://www.googleapis.com/auth/drive.readonly
For more information, please see the full list of OAuth2 scopes for Google’s APIs and services.
Create OAuth integration in Posit Connect
The Posit Connect administrator creates an OAuth integration through the Integrations tab on the Connect dashboard. Once the OAuth integration has been created in Connect, it is available for use by all publishers.
Alternatively, the example below shows how to create a GitHub OAuth integration using curl
and the Connect Server API.
Replace connect.example.org
with the address of the Connect server.
Terminal
curl -H "Authorization: Key ${CONNECT_API_KEY}" \
-XPOST https://connect.example.org/__api__/v1/oauth/integrations \
--data '{
"template": "google",
"name": "Google Application",
"description": "A helpful description for publishers to use when choosing an OAuth integration for their content.",
"config": {
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"auth_mode": "Confidential",
"scopes": "https://www.googleapis.com/auth/bigquery https://www.googleapis.com/auth/bigquery.insertdata"
}
}'
# 200 OK
# {"guid": "<oauth-integration-guid>", ... }