Google oAuth app

Google App

  • Create an app in the Google Developer Console. Depending on the scopes you need, you may need to get your app approved by Google.

  • Configure an oAuth redirect URI under your own domain, since Google will use the domain of the redirect URI as the app name that is shown to users. Your full oAuth redirect URI is e.g. https://blendrauth.yourdomain.com/callback (in case you have chosen blendrauth.yourdomain.com as the host).

  • Create a CNAME record in your domain nameservers for your custom redirect URI: blendrauth.yourdomain.com CNAME auth.blendr.io

  • Send an email to Blendr.io support, requesting to setup your custom domain as auth URL for your custom Google oAuth app. Blendr.io will create an SSL certificate for your domain. You will have to create a DNS record to approve the creation of an SSL certificate on AWS, this needs to be done within 72 hours!

API permissions Enable the required API's, e.g. Google Sheets and Google Drive.

OAuth

  1. Go to OAuth consent screen
  2. User type: external
  3. Click on Edit app
  4. Set a name, logo, links to website (homepage, terms, privacy policy)
  5. Enable the necessary scopes for Google Contacts, Google Sheets etc. (only scopes of enabled API's will be available). Scopes used in Blendr.io Google connectors (subject to change):

Scope for Calendar:

  • https://www.googleapis.com/auth/calendar
  • https://www.googleapis.com/auth/calendar.events
  • https://www.googleapis.com/auth/calendar.settings.readonly
  • https://www.googleapis.com/auth/plus.login

Scopes for Contacts:

  • https://www.google.com/m8/feeds/
  • https://www.googleapis.com/auth/plus.login

Scope for Directory:

  • https://www.googleapis.com/auth/admin.directory.user.readonly
  • https://www.googleapis.com/auth/plus.login

Scopes for Drive:

  • https://www.googleapis.com/auth/drive
  • https://www.googleapis.com/auth/drive.activity.readonly
  • https://www.googleapis.com/auth/plus.login

Scopes for Sheets:

  • https://www.googleapis.com/auth/spreadsheets
  • https://www.googleapis.com/auth/plus.login
  • https://www.googleapis.com/auth/drive.metadata

Credentials

  1. Go to Credentials
  2. Click on "+ Create Credentials" and select OAuth Client id.
  3. Choose "Web application".
  4. Set a name and scopes.
  5. Authorized redirect URI's: for example https://blendrauth.yourdomain.com/callback

Submit for verification

  1. Click on "Submit for verification"
  2. Verification is required if you use sensitive scopes such as access to Contacts and Calendar.
  3. You will receive an email from Google with next steps.
  4. You will have to create a video that clearly shows the client_id etc.
  5. As long as the app is not verified, it will show not verified and you will be limited to 100 users.

App Approval

  1. As long as the above app is not verified, users will see following message when they authorize using oAuth: This app isn't verified !
  2. Request approval from Google by submitting this form: OAuth consent screen
  3. How to create a demo video: Demo video tutorial
  4. How to get verified: Google OAuth verification article