Google Drive
Google Drive OAuth
Set up Google Drive OAuth for the connector
This section walks through setting up the Google Drive connector using a OAuth-enabled Google App.
Anyone can do this (even without a paid Google Workspace)!
If you’re an organization with a Google Workspace, and you’d rather use a Service Account to access Google Drive,
checkout the section here.
Authorization
1
Create Google Cloud Project
2
Enable Google Drive API
- On the left panel, open APIs & services
- Go to Enabled APIs and services
- On the top click +ENABLE APIS AND SERVICES
- Search for Google Drive API and click ENABLE
- Alternatively visit this link, select your project and enable the Google Drive API
3
Enable Admin SDK API
- Click on +ENABLE APIS AND SERVICES again.
- Search for Admin SDK API and click ENABLE
- Alternatively visit this link, select your project and enable the Admin SDK API
4
Enable Google Sheets API
- Click on +ENABLE APIS AND SERVICES again.
- Search for Google Sheets API and click ENABLE
- Alternatively visit this link, select your project and enable the Google Sheets API
5
Enable Google Docs API
- Click on +ENABLE APIS AND SERVICES again.
- Search for Google Docs API and click ENABLE
- Alternatively visit this link, select your project and enable the Google Docs API
6
Set up OAuth consent screen
- Under APIs & services, select the OAuth consent screen tab
- If you don’t have a Google Organization select External for User Type
- Call the app Onyx (or whatever you want)
- For the required emails, use any email of your choice or
founders@onyx.appif you wish for the Onyx team to help handle issues. - Click SAVE AND CONTINUE
7
Set up scopes
- Add the scope
.../auth/drive.readonlyforGoogle Drive API - Add the scope
.../auth/drive.metadata.readonlyforGoogle Drive API - Add the scope
.../auth/admin.directory.user.readonlyforAdmin SDK API - Add the scope
.../auth/admin.directory.group.readonlyforAdmin SDK API
8
Set up test users
- This is only applicable for users without a Google Organization.
- Typically for a company, Onyx would be set up as an internal app so this step would not apply.
- Add at least one test user email. Only the email accounts added here will be allowed to run the OAuth flow to index new documents.
- Click SAVE AND CONTINUE, review the changes and click BACK TO DASHBOARD
9
Create credentials
- Go to the Credentials tab and select + CREATE CREDENTIALS -> OAuth client ID
- Choose Web application and give it some name like
OnyxConnector - Add a Authorized JavaScript origins
http://localhost:3000if self-hostinghttps://<INTERNAL_DEPLOYMENT_URL>if you have setup Onyx for production usehttps://cloud.onyx.appif you are using the Onyx Cloud service- Add a Authorized redirect URIs
http://localhost:3000/admin/connectors/google-drive/auth/callbackif self-hostinghttps://<INTERNAL_DEPLOYMENT_URL>/admin/connectors/google-drive/auth/callbackif you have setup Onyx for production usehttps://cloud.onyx.app/admin/connectors/google-drive/auth/callbackif you are using the Onyx Cloud service
- Click create and on the right hand side next to Client secret, there is an option to download the credentials as a JSON. Download the JSON for use in the next step.
Indexing
First, navigate to the Admin Panel and select the Google Drive connector. Then, create a new credential, then upload the key you downloaded in the final step. From there, click Authenticate with Google Drive and continue with the account you want to use to index Google Drive.If you plan on using permission syncing for this connector,
the account performing the OAuth flow must have an Admin role in the Google Workspace that has access to the
following:
- Admin console privileges -> Services -> Drive and Docs -> Settings
- Admin API privileges -> Users -> Read
- Admin API privileges -> Groups -> Read
- Admin API privileges -> Organization Units -> Read