# Google Drive OAuth

> Set up Google Drive OAuth for the connector

This section walks through setting up the Google Drive connector using an OAuth-enabled Google App.
Anyone can do this (even without a paid Google Workspace)!

If you're an organization with a Google Workspace and you'd rather use a Service Account to access Google Drive,
check out the section [here](./service_account).

### Authorization

<Steps>
  <Step title="Create Google Cloud Project">
    * [https://console.cloud.google.com/projectcreate](https://console.cloud.google.com/projectcreate)
  </Step>

  <Step title="Enable Google Drive API">
    * On the left panel, open **APIs & services**
    * Go to **Enabled APIs and services**
    * On the top click **+ENABLE APIS AND SERVICES**
    * Search for **Google Drive API** and click **ENABLE**
    * Alternatively visit this [link](https://console.cloud.google.com/flows/enableapi?apiid=drive.googleapis.com),
      select your project and enable the **Google Drive API**
  </Step>

  <Step title="Enable Admin SDK API">
    * Click on **+ENABLE APIS AND SERVICES** again.
    * Search for **Admin SDK API** and click **ENABLE**
    * Alternatively visit this [link](https://console.cloud.google.com/flows/enableapi?apiid=admin.googleapis.com),
      select your project and enable the **Admin SDK API**
  </Step>

  <Step title="Enable Google Sheets API">
    * Click on **+ENABLE APIS AND SERVICES** again.
    * Search for **Google Sheets API** and click **ENABLE**
    * Alternatively visit this [link](https://console.cloud.google.com/flows/enableapi?apiid=sheets.googleapis.com),
      select your project and enable the **Google Sheets API**
  </Step>

  <Step title="Enable Google Docs API">
    * Click on **+ENABLE APIS AND SERVICES** again.
    * Search for **Google Docs API** and click **ENABLE**
    * Alternatively visit this [link](https://console.cloud.google.com/flows/enableapi?apiid=docs.googleapis.com),
      select your project and enable the **Google Docs API**

    <img className="rounded-image" src="https://mintcdn.com/danswer/24Ocig51qMqahMaT/assets/admins/connectors/google_drive/GoogleDriveEnableAPI.png?fit=max&auto=format&n=24Ocig51qMqahMaT&q=85&s=401115876b9e570bef36bb01e9fa84a8" alt="Google Cloud Console enabling Google Docs API for the project" width="808" height="497" data-path="assets/admins/connectors/google_drive/GoogleDriveEnableAPI.png" />
  </Step>

  <Step title="Set up OAuth consent screen">
    * Under **APIs & services**, select the **OAuth consent screen** tab
    * If you don't have a **Google Organization**, select **External** for **User Type**
    * Call the app Onyx (or whatever you want)
    * For the required emails, use any email of your choice or `founders@onyx.app`
      if you wish for the Onyx team to help handle issues.
    * Click **SAVE AND CONTINUE**
  </Step>

  <Step title="Set up scopes">
    * Add the scope `.../auth/drive.readonly` for `Google Drive API`
    * Add the scope `.../auth/drive.metadata.readonly` for `Google Drive API`
    * Add the scope `.../auth/admin.directory.user.readonly` for `Admin SDK API`
    * Add the scope `.../auth/admin.directory.group.readonly` for `Admin SDK API`

    <img className="rounded-image" src="https://mintcdn.com/danswer/24Ocig51qMqahMaT/assets/admins/connectors/google_drive/GoogleDriveScopes.png?fit=max&auto=format&n=24Ocig51qMqahMaT&q=85&s=b5d9aef1ff2d0bb193ffafb6cfbb2a2b" alt="OAuth consent screen scopes for Google Drive, Admin SDK, Sheets, and Docs" width="1058" height="1174" data-path="assets/admins/connectors/google_drive/GoogleDriveScopes.png" />
  </Step>

  <Step title="Set up test users">
    * This is only applicable for users without a Google Organization.
    * Typically for a company, Onyx would be set up as an internal app so this step would
      not apply.
    * Add at least one test user email. Only the email accounts added here will be allowed to
      run the OAuth flow to index new documents.
    * Click **SAVE AND CONTINUE**, review the changes and click **BACK TO DASHBOARD**
  </Step>

  <Step title="Create credentials">
    * Go to the **Credentials** tab and select **+ CREATE CREDENTIALS** -> **OAuth client ID**

    <img className="rounded-image" src="https://mintcdn.com/danswer/24Ocig51qMqahMaT/assets/admins/connectors/google_drive/GoogleDriveCredential.png?fit=max&auto=format&n=24Ocig51qMqahMaT&q=85&s=cf21e78b5a2b257a1f1befa44c7f6555" alt="Creating OAuth client ID in Google Cloud Console" width="2996" height="1720" data-path="assets/admins/connectors/google_drive/GoogleDriveCredential.png" />

    * Choose **Web application** and give it some name like `OnyxConnector`
    * Add an entry under **Authorized JavaScript origins**:
      * `http://localhost:3000` if self-hosting
      * `https://<INTERNAL_DEPLOYMENT_URL>` if you have set up Onyx for production use
      * `https://cloud.onyx.app` if you are using the Onyx Cloud service
    * Add an entry under **Authorized redirect URIs**:
      * `http://localhost:3000/admin/connectors/google-drive/auth/callback` if self-hosting
      * `https://<INTERNAL_DEPLOYMENT_URL>/admin/connectors/google-drive/auth/callback` if you have set up Onyx for production use
      * `https://cloud.onyx.app/admin/connectors/google-drive/auth/callback` if you are using the Onyx Cloud service

    <img className="rounded-image" src="https://mintcdn.com/danswer/24Ocig51qMqahMaT/assets/admins/connectors/google_drive/DriveCredentials.png?fit=max&auto=format&n=24Ocig51qMqahMaT&q=85&s=3d3df3e778e436ead194bc08bfffbf88" alt="Configuring authorized origins and redirect URIs for Google Drive OAuth client" width="675" height="1116" data-path="assets/admins/connectors/google_drive/DriveCredentials.png" />

    * Click **Create**. On the right-hand side, next to **Client secret**, there is an option to
      download the credentials as a JSON file. Download the JSON for use in the next step.

    <img className="rounded-image" src="https://mintcdn.com/danswer/24Ocig51qMqahMaT/assets/admins/connectors/google_drive/DriveDownloadCredentials.png?fit=max&auto=format&n=24Ocig51qMqahMaT&q=85&s=f8368e43322887e6e63ae4c3bffc1375" alt="Download OAuth client JSON credentials from Google Cloud Console" width="638" height="684" data-path="assets/admins/connectors/google_drive/DriveDownloadCredentials.png" />
  </Step>
</Steps>
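
A pre-upload check for the downloaded credentials JSON, added here as an example and not part of the Onyx documentation or code base. It assumes the usual layout of a Google OAuth client file for a **Web application** (a top-level `web` object with `client_id`, `client_secret`, `javascript_origins` and `redirect_uris`) and flags redirect URIs that do not match the callback path from the steps above; the function name and sample values are constructed.

```python
import json
from urllib.parse import urlsplit

# Callback path taken from the redirect URIs listed on this page.
CALLBACK_PATH = "/admin/connectors/google-drive/auth/callback"
LOCAL_HOSTS = {"localhost", "127.0.0.1"}


def check_client_json(text):
    """Return a list of problems found in a downloaded OAuth client JSON."""
    data = json.loads(text)
    if "web" not in data:
        return [f"client type is {sorted(data)}; expected a 'web' client"]
    web = data["web"]
    problems = []
    for field in ("client_id", "client_secret"):
        if not web.get(field):
            problems.append(f"missing {field}")
    origins = set(web.get("javascript_origins", []))
    redirects = web.get("redirect_uris", [])
    if not redirects:
        problems.append("no redirect_uris registered")
    for uri in redirects:
        p = urlsplit(uri)
        # Only the exact callback path, with no query or fragment, is expected.
        if p.path != CALLBACK_PATH or p.query or p.fragment:
            problems.append(f"unexpected redirect URI: {uri}")
        # Plain HTTP is acceptable only for a local self-hosted instance.
        if p.scheme != "https" and p.hostname not in LOCAL_HOSTS:
            problems.append(f"non-HTTPS redirect URI on a non-local host: {uri}")
        # Each redirect URI should sit on one of the registered origins.
        if f"{p.scheme}://{p.netloc}" not in origins:
            problems.append(f"no matching JavaScript origin for: {uri}")
    return problems


# Constructed sample inputs (placeholder values, not real credentials).
GOOD = json.dumps({"web": {
    "client_id": "example.apps.googleusercontent.com",
    "client_secret": "PLACEHOLDER",
    "javascript_origins": ["http://localhost:3000"],
    "redirect_uris": ["http://localhost:3000" + CALLBACK_PATH]}})
BAD = json.dumps({"web": {
    "client_id": "example.apps.googleusercontent.com",
    "client_secret": "PLACEHOLDER",
    "javascript_origins": ["https://onyx.example.com"],
    "redirect_uris": ["http://onyx.example.com/auth/callback"]}})
```

The downloaded file contains the client secret, so run a check like this locally and keep the file out of source control.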

### Indexing

First, navigate to the Admin Panel and select the Google Drive connector.

Then create a new credential and upload the key you downloaded in the final step. From there,
click **Authenticate with Google Drive** and continue with the account you want to use to index Google Drive.

<img className="rounded-image" src="https://mintcdn.com/danswer/24Ocig51qMqahMaT/assets/admins/connectors/google_drive/OAuthCredential.png?fit=max&auto=format&n=24Ocig51qMqahMaT&q=85&s=69420c35cd2a6869296ba5a49ff79a97" alt="Onyx Google Drive connector showing OAuth credential selection" width="2256" height="1472" data-path="assets/admins/connectors/google_drive/OAuthCredential.png" />

Once complete, select the newly created credential, and click the **Continue** button to configure the connector!

<Note>
  If you plan on using permission syncing for this connector,
  the account performing the OAuth flow must have an Admin role in the Google Workspace that has access to the
  following:

  * Admin console privileges -> Services -> Drive and Docs -> Settings
  * Admin API privileges -> Users -> Read
  * Admin API privileges -> Groups -> Read
  * Admin API privileges -> Organization Units -> Read

  This can be set by an admin in the admin panel of the Google Workspace under Account > Admin roles.
</Note>
