Google OAuth 2.0 Integration

Overview

Google OAuth is an implementation of the OAuth 2.0 protocol that allows applications to securely access Google services on behalf of a user without requiring their password. It’s widely used for:

  • Sign in with Google (authentication)

  • Accessing Google APIs (authorization), like Gmail, Drive, Calendar, etc.

Why use Google OAuth?

  • Secure Authorization

    • Apps can access Google APIs (like Gmail, Drive, Calendar) on behalf of the user without storing their credentials.

    • Uses tokens instead of passwords, reducing security risks.

  • User Convenience

    • Enables “Sign in with Google”, so users don’t need to create new accounts or remember extra passwords.

  • Granular Permissions

    • Apps request specific scopes (e.g., read email, view profile), and users explicitly approve them.

  • Standardized Protocol

    • Based on OAuth 2.0, an industry-standard protocol for authorization, ensuring interoperability and security.

  • Improved Security

    • Supports short-lived access tokens and refresh tokens.

    • Reduces phishing risks since passwords are never shared with third-party apps.

Pre-requisites:

  1. An active Google Account

You should have an active Google Account. If you do not have it, you can create an Google account at https://console.cloud.google.com/iam-admin/serviceaccounts

  1. An iX Hello Account

For steps to create an account, follow the steps here

Base URL, Token URL, Client email, Private Key Permissions & Authentication

Using the console ID login to you Google Account and you will be landing on the Google Cloud Page.

Lets create a new project by clicking on "Create Project".

Enter the Project Name and Location, then click create.

Now let's create a Service Account by clicking on Service Account menu and then click on option Create Service Account.

A service account represents a Google Cloud service identity, such as code running on Compute Engine VMs, App Engine apps or systems running outside Google. Learn more about service accounts.

Organisation policies can be used to secure service accounts and block risky service account features, such as automatic IAM Grants, key creation/upload or the creation of service accounts entirely. Learn more about service account organisation policies.

Fill in the necessary options:

Service account name

Demo

Service account ID

This is shown to users when they're asked to demo-531

Email ID

[email protected]

Click

on Create and Continue

Role

By default, you don't need to assign any role. You can add it later if necessary. Additionally, to test Vertex AI, you might need to add a Vertex AI user role, or you can choose an Owner role

Click

Continue and Click Done

Vertex AI is Google Cloud’s machine learning platform designed to help developers and data scientists build, deploy, and scale ML models efficiently. It brings together all Google Cloud AI tools under one unified environment.

  • Simplifies the end-to-end ML workflow: data preparation, training, deployment, and monitoring.

  • Provides managed infrastructure for training and serving models.

  • Enables custom models and pre-trained models for tasks like vision, NLP, and tabular data.

Click on the service account to view the account details.

Then, select the "Keys" option. In the "Add Keys" dropdown, choose "Create new key" to generate a new key, or select "Update existing" to modify the current keys.

When you click on "Create new Key", you will see a pop up asking you to choose between two formats, JSON and P12. Choose JSON and click create, the JSON file will be downloaded. Which is the Private Key and it's used while establishing the connection between the google and ixHello.

sample attached:

2KB
ix-hello-test-1a5d4ca58697.json
Open

Enable the API's and Services

To enable APIs and services in Google Cloud:

  1. Click the Navigation Menu.

  2. Hover over APIs and Services.

  3. Select Enable APIs and Services.

To enable a Google product, follow these steps:

  1. Use the search bar to find your desired product, e.g., Google Calendar.

  2. Click on the product.

  3. Click the "Enable" button.

  4. Similarly you can enable the Vertex AI API as well

How to generate the Scope

Navigate to google api scopes by using this link: https://developers.google.com/identity/protocols/oauth2/scopes and you can choose the product specific scope which you want to implement.

Select from the list of available scopes for example:

  • https://www.googleapis.com/auth/userinfo.email → Access user email

  • https://www.googleapis.com/auth/drive → Access Google Drive

  • https://www.googleapis.com/auth/calendar → Access Calendar).

The most general scope for accessing Google Cloud resources is:

https://www.googleapis.com/auth/cloud-platform

Purpose:

  • Grants full access to all Google Cloud services and resources that the authenticated user has permission for.

  • Often used when your app needs broad access across multiple GCP services.

Generate Base URL:

PreviousGlossary

Last updated

Was this helpful?