Project configuration in Google API Console – use of Google API Client Library for JavaScript – Part II. The ‘Google Workspace friendly application’ series.

15 December 2020 Wojciech Sowa

The ‘Google Workspace friendly application’ series – table of contents

  1. What is Google Workspace, and why should we integrate with it?
  2. Project configuration in Google API Console – use of Google API Client Library for JavaScript – Part I.
  3. Project configuration in Google API Console – use of Google API Client Library for JavaScript – Part II.
  4. Configuration of Oracle Database and APEX application – use of Google API Client Library for JavaScript.
  5. Project configuration in Google API Console – use of Google Service Account.
  6. Configuration of Oracle Database and APEX application – use of Google Service Account.

Introduction

This article is the second part of instructions on configuring the Google Workspace project with the Oracle APEX application. In the first part, we created a new project in Google API Console, then we enabled Google Drive API library, and finally, we configured the Consent Screen. If you are interested in those steps, go to the previous article. This time we will obtain all necessary information about credentials used for calling particular Google APIs.

Step by step guide

Let’s generate all necessary credentials to use Google API. Go to https://console.developers.google.com/start – at this point, you can use the Google account in your organization’s domain to log in. Pick the project that you created previously. Select the ‘Credentials’ option from the menu on the left. Select the ‘+ Create Credentials’ option from the top bar. Select ‘OAuth client ID’ from the available menu.

From the available ‘Application type’ list, select the ‘Web application’ option. Enter the name of your client and go to the ‘Authorized JavaScript origins’ option. In this option, select the main address to your application, in which you will use the integration with Google. In our example, if the APEX application is located in the public apex.oracle.com environment, enter this address – https://apex.oracle.com. For your local environment, enter http://localhost:8080. Click the ‘Create’ button.

Warning! If you decide to add a new environment to the ‘Authorized JavaScript origins’ address list sometime after your OAuth 2.0 client has been created, this environment will likely not be supported correctly by the Google API. It will cause an error visible in the browser console, which means no new environment in the list of authorized JavaScript domains. In this case, create a new OAuth 2.0 client for all environments, including the new one.

After creating a new OAuth 2.0 client, you will receive information that your client has received two essential elements – ‘Client ID’ and ‘Client Secret’. These two attributes are the login and password equivalents and will be used in the JavaScript library.

The ‘Credentials’ screen shows the created client. We can view its details, rename it, reset ‘Client ID’ and ‘Client Secret’, and add addresses in the ‘Authorized JavaScript origins’ section.

Additionally, for integrations that do not require the OAuth 2.0 protocol, generate an API key. In the Credentials tab, select “+ Create Credentials” and select the API Key option. The key will be generated. You can choose restrictions on API keys’ use due to the allowed application types that can use API Key. You can also select which of the activated Google API libraries in our project will be authorized to use the key. We use the generated key in Google API calls by adding the key=YOUR_API_KEY parameter to the request.

Google Workspace is set up!

We got it! We have finished configuring Google Workspace. The API needed to manage Google Drive is now ready for use in our APEX application. The next step is to prepare the database for communication with Google API and configure the JavaScript library in the APEX application itself.

Important: Besides implementing the OAuth 2.0 protocol based on the JavaScript library, there is also a second method based on a special account called Service Account. This type of account is not associated with any Google Workspace human user in your company. This type of account is useful when you integrate with Google API in systematic processes, e.g., database jobs responsible for data synchronization running at night. In these cases, you can implement the integration without any user action required, as with the Consent Screen. From the Oracle database perspective, the Service Account can be used thanks to the implementation of JSON Web Token (JWT) and the appropriate cryptographic algorithm, which will allow proper communication with the Google token service. This approach will be described in future articles!

Tagged with: , , , ,

Hire us!

Pretius is a software development company.
We create web applications using: Java, Oracle DB, Oracle Apex, AngularJS.
Contact us to talk about how we can help you with your software project!