This section walks through setting up the Gmail connector using a OAuth-enabled Google App. Anyone can do this (even without a paid Google Workspace)!

If you’re an organization with a Google Workspace, and you’d rather use a Service Account to access Gmail, it will be available soon!

Authorization

  1. Create a Google Cloud Project

  2. Enable the Gmail API

    • On the left panel, open APIs & services
    • Go to Enabled APIs and services
    • On the top click +ENABLE APIS AND SERVICES
    • Search for Gmail API and click ENABLE
    • Alternatively visit this link, select your project and enable the Gmail API
  3. Set up the OAuth consent screen

    • Under APIs & services, select the OAuth consent screen tab
    • If you don’t have a Google Organization select External for User Type
    • Call the app Onyx (or whatever you want)
    • For the required emails, use any email of your choice or founders@onyx.app if you wish for the Onyx team to help handle issues.
    • Click SAVE AND CONTINUE
  4. Set up Scopes

    • Add the scope .../auth/gmail.readonly for Gmail API

  1. Set up Test users

    • This is only applicable for users without a Google Organization.
      • Typically for a company, Onyx would be set up as an internal app so this step would not apply.
    • Add at least one test user email. Only the email accounts added here will be allowed to run the OAuth flow to index new emails.
    • Click SAVE AND CONTINUE, review the changes and click BACK TO DASHBOARD
  2. Create Credentials

    • Go to the Credentials tab and select + CREATE CREDENTIALS -> OAuth client ID

- Choose Web application and give it some name like OnyxConnector - Add a Authorized JavaScript origins for http://localhost:3000 (or https://<INTERNAL_DEPLOYMENT_URL> if you have setup Onyx for production use) - Add a Authorized redirect URIs for http://localhost:3000/admin/connectors/gmail/auth/callback (or https://<INTERNAL_DEPLOYMENT_URL>/admin/connectors/gmail/auth/callback if you have setup Onyx for production use)

  • Click create and on the right hand side next to Client secret, there is an option to download the credentials as a JSON. Download the JSON for use in the next step.