OAuth Setup
This section walks through setting up the Gmail connector using a OAuth-enabled Google App. Anyone can do this (even without a paid Google Workspace)!
If you’re an organization with a Google Workspace, and you’d rather use a Service Account to access Gmail, it will be available soon!
Authorization
-
Create a Google Cloud Project
-
Enable the Gmail API
- On the left panel, open APIs & services
- Go to Enabled APIs and services
- On the top click +ENABLE APIS AND SERVICES
- Search for Gmail API and click ENABLE
- Alternatively visit this link, select your project and enable the Gmail API
-
Set up the OAuth consent screen
- Under APIs & services, select the OAuth consent screen tab
- If you don’t have a Google Organization select External for User Type
- Call the app Onyx (or whatever you want)
- For the required emails, use any email of your choice or
founders@onyx.app
if you wish for the Onyx team to help handle issues. - Click SAVE AND CONTINUE
-
Set up Scopes
- Add the scope
.../auth/gmail.readonly
forGmail API
- Add the scope
-
Set up Test users
- This is only applicable for users without a Google Organization.
- Typically for a company, Onyx would be set up as an internal app so this step would not apply.
- Add at least one test user email. Only the email accounts added here will be allowed to run the OAuth flow to index new emails.
- Click SAVE AND CONTINUE, review the changes and click BACK TO DASHBOARD
- This is only applicable for users without a Google Organization.
-
Create Credentials
- Go to the Credentials tab and select + CREATE CREDENTIALS -> OAuth client ID
- Choose Web application and give it some name like OnyxConnector
- Add a Authorized JavaScript origins for http://localhost:3000
(or https://<INTERNAL_DEPLOYMENT_URL>
if you have setup Onyx for production use) - Add a Authorized redirect URIs for http://localhost:3000/admin/connectors/gmail/auth/callback
(or https://<INTERNAL_DEPLOYMENT_URL>/admin/connectors/gmail/auth/callback
if you have setup Onyx for production use)
- Click create and on the right hand side next to Client secret, there is an option to download the credentials as a JSON. Download the JSON for use in the next step.