ADO.NET Provider for Google Sheets

Build 24.0.9060

Creating a Custom OAuth Application

Creating a Custom OAuth Application

CData embeds OAuth Application Credentials with CData branding that can be used when connecting to Google Sheets via a desktop application or a headless machine. If you want to use the embedded OAuth application, all you need to do to connect is to:

  • set AuthScheme to OAuth,
  • get and set the OAuthAccessToken, and
  • set the necessary configuration parameters.

(For information on getting and setting the OAuthAccessToken and other configuration parameters, see the Desktop Authentication section of "Connecting to Google Sheets".)

However, a custom OAuth connection is required for Users who connect via the Web, and for connecting on behalf of users via a Service Account. Custom OAuth applications are also useful if you want to:

  • control branding of the authentication dialog;
  • control the redirect URI that the application redirects the user to after the user authenticates; or
  • customize the permissions that you are requesting from the user.

Procedure

Before you create a custom OAuth application for web users or Service Accounts, you must enable the Google Sheets API:

  1. Navigate to the Google Cloud Console.
  2. At the left navigation pane, select Library. The console opens the Library page.
  3. Use the Search service to find Google Sheets API. Select "Google Sheets API" from the search results.
  4. On the Google Sheets API page, click ENABLE.

User Accounts

At the Google Cloud Console:

  1. Create a new project or select an existing project.
  2. At the left navigation pane, select Credentials.
  3. If the selected project does not have a consent screen, click CONFIGURE CONSENT SCREEN. If you are not using a Google Workspace account, you are restricted to creating an External-type Consent Screen, which requires specifying a support email and developer contact email. Additional information is optional.
  4. On the Credentials page, select Create Credentials > OAuth Client ID.
  5. In the Application Type menu, select Web application.
  6. Specify a name for your OAuth custom web application.
  7. Under Authorized redirect URIs, click ADD URI and enter a redirect URI.
  8. Click Enter.
  9. Click CREATE.

When the application is complete, the Cloud Console returns you to the Credentials page. A window opens that displays your client Id and client secret.

Although the client secret is accessible from from the Google Cloud Console, we recommend you write down the client secret. You need both the client secret and client Id to specify the OAuthClientId and OAuthClientSecret.

Service Accounts

You can use a service account in this OAuth flow to access Google APIs on behalf of users in a domain. A domain administrator can delegate domain-wide access to the service account.

When using AuthScheme=OAuthJWT, you must create a Service account.

At the Google Cloud Console:

  • To complete the service account flow, generate a private key in the Google Cloud Console. In the service account flow, the driver exchanges a JSON Web token (JWT) for the OAuthAccessToken. The private key is required to sign the JWT. The driver grants the same permissions to the Service Account.

  • Now create a new Service Account:
    1. Create a new project or select an existing project.
    2. At the left navigation pane, select Credentials.
    3. Navigate to Create Credentials > Service account. The Cloud Console displays the Create Service Account page.
    4. Enter the Service account name, the Service account ID, and, optionally, a description.
    5. Click DONE. The Cloud Console returns you to the Credentials page.
    6. In the Service Accounts area, select the service accout you just created.
    7. Click the KEYs tab, then click ADD KEY > Create new key.
    8. Select any supported Key type, such as OAuthJWTCert or OAuthJWTCertType.
    9. Click CREATE.

The key is automatically downloaded to your local device, and any additional information specific to the key is displayed.

Copyright (c) 2024 CData Software, Inc. - All rights reserved.
Build 24.0.9060