This section walks through setting up the Google Drive connector using a OAuth-enabled Google App. Anyone can do this (even without a paid Google Workspace)!

If you’re an organization with a Google Workspace, and you’d rather use a Service Account to access Google Drive, checkout the section here.

Authorization

  1. Create a Google Cloud Project

  2. Enable the Google Drive API

    • On the left panel, open APIs & services
    • Go to Enabled APIs and services
    • On the top click +ENABLE APIS AND SERVICES
    • Search for Google Drive API and click ENABLE
    • Alternatively visit this link, select your project and enable the Google Drive API

  3. Enable the Admin SDK API

    • Click on +ENABLE APIS AND SERVICES again.
    • Search for Admin SDK API and click ENABLE
    • Alternatively visit this link, select your project and enable the Admin SDK API

  4. Enable the Google Sheets API

    • Click on +ENABLE APIS AND SERVICES again.
    • Search for Google Sheets API and click ENABLE
    • Alternatively visit this link, select your project and enable the Google Sheets API

  5. Enable the Google Docs API

    • Click on +ENABLE APIS AND SERVICES again.
    • Search for Google Docs API and click ENABLE
    • Alternatively visit this link, select your project and enable the Google Docs API

  1. Set up the OAuth consent screen

    • Under APIs & services, select the OAuth consent screen tab
    • If you don’t have a Google Organization select External for User Type
    • Call the app Onyx (or whatever you want)
    • For the required emails, use any email of your choice or founders@onyx.app if you wish for the Onyx team to help handle issues.
    • Click SAVE AND CONTINUE

  2. Set up Scopes

    • Add the scope .../auth/drive.readonly for Google Drive API
    • Add the scope .../auth/drive.metadata.readonly for Google Drive API
    • Add the scope .../auth/admin.directory.user.readonly for Admin SDK API
    • Add the scope .../auth/admin.directory.group.readonly for Admin SDK API

  1. Set up Test users

    • This is only applicable for users without a Google Organization.
      • Typically for a company, Onyx would be set up as an internal app so this step would not apply.
    • Add at least one test user email. Only the email accounts added here will be allowed to run the OAuth flow to index new documents.
    • Click SAVE AND CONTINUE, review the changes and click BACK TO DASHBOARD

  2. Create Credentials

    • Go to the Credentials tab and select + CREATE CREDENTIALS -> OAuth client ID
  • Choose Web application and give it some name like OnyxConnector
  • Add a Authorized JavaScript origins for http://localhost:3000 (or https://<INTERNAL_DEPLOYMENT_URL> if you have setup Onyx for production use)
  • Add a Authorized redirect URIs for http://localhost:3000/admin/connectors/google-drive/auth/callback (or https://<INTERNAL_DEPLOYMENT_URL>/admin/connectors/google-drive/auth/callback if you have setup Onyx for production use)
  • Click create and on the right hand side next to Client secret, there is an option to download the credentials as a JSON. Download the JSON for use in the next step.

Indexing

First, navigate to the Admin Dashboard and select the Google Drive connector.

Then, create a new credential, then upload the key you downloaded in the final step. From there, click Authenticate with Google Drive and continue with the account you want to use to index Google Drive.

Once complete, select the newly created credential, and click the Continue button to configure the connector!

If you plan on using permission syncing for this connector, the account performing the OAuth flow must have an Admin role in the Google Workspace that has access to the following:

  • Admin console privileges -> Services -> Drive and Docs -> Settings
  • Admin API privileges -> Users -> Read
  • Admin API privileges -> Groups -> Read
  • Admin API privileges -> Organization Units -> Read

This can be set by an admin in the admin panel of the Google Workspace under Account > Admin roles.