5.22.11. Unlock Google Services

<< Click to Display Table of Contents >>

Navigation:  5. Detailed description of the Actions > 5.22. Cloud services >

5.22.11. Unlock Google Services

 

Icon: clip0514

 

Function: GoogleUnlock

 

Property window:

 

clip0516

 

Short description:

Unlock access to Google services

 

Long Description:
 

You need to get some Google credentials (i.e. you need to get from Google these 3 parameters: your “Client ID”, your “Client Secret” and your “Refresh Token”) before using any of the following Actions:
 

List the files on a GDrive (section 5.22.12)

Download files from a GDrive (section 5.22.13)

Upload files to a GDrive (section 5.22.14)

Delete files stored in a GDrive (section 5.22.15)

List the files on a Google Cloud Storage (section 5.22.16)

Download files from a Google Cloud Storage (section 5.22.17)

Upload files to a Google Cloud Storage (section 5.22.18)

List all your Google Cloud Storage Buckets (section 5.22.19)

Delete files from a Google Cloud Storage (section 5.22.20)

Execute a SQL query on Big Query (section 5.22.21)

Upload CSV files to Big Query (section 5.22.22)

Google Analytics (section 5.22.23)

 

 

clip0515

To get your Google credentials you must be a paying customer of “G Suite Basic” or “G Suite Business”.  On June 2020, the “G Suite Basic” subscription is 6$/month. You can stop your subscription as soon as you have obtained your credentials: i.e. once you have you “Client ID” (obtained at step 9.7), your “Client Secret” (obtained at step 9.7) and your “Refresh Token” (obtained at step 9.11). These credentials do not expire, even if you stop paying your “G Suite”.

 

The procedure described in this section allows you to get your Google credentials (i.e. to get a “Client ID”, a “Client Secret” and a “Refresh Token”) that will unlock *ALL* Google services: GDrive, Google Cloud Storage and Google Big Query. For security reasons, you might want to get some credentials that are more limited (e.g. that only give you access to “GDrive”, and not “Cloud Storage”). If you want some credentials that are:
 

…limited to “GDrive” only:
 

oSkip the points 5,6 and 7 in the procedure below.
 

oOn point 8.4, select only the following scopes:
 

../auth/drive.metadata

  (change file-related metadata in your Google Drive)
 

../auth/drive

  (See, Download and Upload files from/to your Google Drive)
 

oOn point 9.7, enable (i.e. check) the option “Access to GoogleDrive”:

 

clip0516

 

 

…limited to “Cloud Storage and Big Query” only:
 

oSkip the point 4 and 7 in the procedure below.
 

oOn point 8.4, select only the following scope:
 

../auth/cloud-platform
 

oOn point 9.7, enable (i.e. check) the option “Access to Cloud Storage and Big Query”:

 

 

clip0517

 

 

…limited to “Google Analytics” only:
 

oSkip the point 4, 5 and 6 in the procedure below.
 

oOn point 8.4, select only the following scope:
 

../auth/analytics.readonly
 

oOn point 9.7, enable (i.e. check) the option “Access to Google Analytics”:

 

 

clip0518

 

 

The procedure to get you Google Credentials (i.e. to get a “Client ID”, a “Client Secret” and a “Refresh Token”) is the following:
 
 

1.First, a word of caution:

 

You will need your “Client ID”, “Client Secret” and “Refresh Token” to use (nearly) all the Google Services actions inside Anatella.

 

There are no ways to copy/paste back these 3 informations from one Anatella action to another (this is, of course, “by design”).

 

So, you should keep yourself these 3 informations in a secure place, if you intend to re-use them later.
 

 

2.Open in your web browser the “Google Developper Console”: Go to the URL:
 

https://console.developers.google.com
 

..and sign-in into your Google account.
 
 

3.Create a new Project.
 

3.1. Click on the “Select a Project” drop-down menu:

 

clip0519

 
 

3.2. Click on the “New Project” button:

 

clip0520

 

 

3.3. Write a project name (you can use whatever name you want) and click on the “Create” button:

 

clip0521

 

 

3.4. You should now see this page inviting you to configure your OAuth consent screen:

 

clip0522

 

 
We will not configure the OAuth consent screen now because we first need to enable different google API and services beforehand. To do so, click on the “Dashboard” button: number1

 
 

4. We will now enable the “Google Drive API
 
 

This API is required to be able to use the “Google Drive” Actions: These actions are:
 
 

List the files on a GDrive (section 5.22.12)
 

Download files from a GDrive (section 5.22.13)
 

Upload files to a GDrive (section 5.22.14)
 

Delete files stored in a GDrive (section 5.22.15)
 
 

4.1. Click on the “Enable APIS and Service” button:

 

clip0523

 

 

You arrive on this page:

 

clip0524

 

4.2. Search for the “Google Drive API” number1 and click on the first item found:number2

 

clip0525

 

 

4.3. Click the “Enable” button:

 

clip0526

 

4.4. We are back on the Project Selection screen but the Google Drive logo is now visible here: number1  (and we don’t want that). Click on the “APIs and Services” text here: number2

 

clip0527

 

 

5.We will now Enable the “Google Cloud Storage JSON API”.
 

    This API is required to be able to use the “Google Cloud Storage” Actions: These actions are:
 

List the files on a Google Cloud Storage (section 5.22.16)
 

Download files from a Google Cloud Storage (section 5.22.17)
 

Upload files to a Google Cloud Storage (section 5.22.18)
 

List all your Google Cloud Storage Buckets (section 5.22.19)
 

Delete files from a Google Cloud Storage (section 5.22.20)

 

5.1. We are back on the Project Selection screen (and the GDrive logo is not visible anymore: it’s written “APIs & Services” instead: number1  ). Click on the “Enable APIS and Service” button: number2

 

clip0528

 

 

           You arrive on this page:

 

clip0529

 

 

 

5.2. Search for the “Google Cloud Storage JSON API” and click on the first item found:

 

 

clip0530

 

 

5.3. Click the “Enable” button:

 

clip0531

 
 

5.4. We are back on the Project Selection screen but the “Google Cloud Storage” logo is now visible here: number1  (and we don’t want that). Click on the “APIs and Services” text here: number2

 

clip0532

 

 
 

6. We will now Enable the “BigQuery API”:
 

This API is required to be able to use all the “Google Big Query” Actions: These actions are:
 

Execute a SQL query on Big Query (section 5.22.21)
 

Upload CSV files to Big Query (section 5.22.22)

 
6.1. We are back on the Project Selection screen (and the “Google Cloud Storage” logo is not visible anymore:  it’s written “APIs & Services” instead: number1 ). Click on the “Enable APIS and Service” button: number2

 

clip0533

 

 

You arrive on this page:

 

clip0534

 

 

6.2. Search for the “BigQuery API” and click on the first item found:

 

clip0535

 

 

6.3. Click the “Enable” button:

 

clip0536

 

 

6.4. We are back on the Project Selection screen but the “Big Query API” logo is now visible here: number1  (and we don’t want that). Click on the “APIs and Services” text here: number2

 

clip0537

 

 

7.We will now Enable the “Google Analytics API”:
 

This API is required to be able to use the “Google Analytics” Action from section 5.22.23.

 

7.1. We are back on the Project Selection screen (and the “BigQuery API” logo is not visible anymore:  it’s written “APIs & Services” instead: number1  ). Click on the “Enable APIS and Service” button: number2

 

clip0538

 

 

You arrive on this page:

 

clip0539

 

 

7.2. Search for the “google analytics api” and click on the first item found:

 

clip0540

 

 

7.3. Click the “Enable” button:

 

clip0541

 

 

7.4. We are back on the Project Selection screen but the “Google Analytics API” logo is now visible here: number1 (and we don’t want that). Click on the “APIs and Services” text here: number2

 

clip0542

 

 

8.Configure OAuth consent Screen
 

8.1. We are back on the Project Selection screen (and the “Google Analytics API” logo is not visible anymore: it’s written “APIs & Services” instead number1 ). Click on the “OAuth consent screen” button: number2

 

clip0543

 

 

8.2. On the next screen you must select “Internal” number1  and click the “create” button: number2

 

clip0544

 

 
 

clip0545

You can only select the “Internal” option if you are a paying customer of “G Suite Basic” or “G Suite Business”.  On June 2020, the “G Suite Basic” subscription is 6$/month.
The “External” option is very expensive and out of scope.

 
 

8.3. On the next screen, we’ll configure the “App Name” and the “Support Email”.
 

Once this is done, click on the “Add Scope” to configure the scope of your app:

 

 

clip0546

 

 

8.4. Enable the following scopes:

 

clip0547

On the next configuration screen, pay attention to the “Scopes”: For security reasons, you may want to limit the scopes to the minimum. For example, if you only intend to...  

...use Google Analytics: Activate only the following scope:

    ../auth/analytics.readonly

 ...use GDrive: Activate only the following 2 scopes:

    ../auth/drive.metadata

    ../auth/drive

 ...use Google Storage or Big Query: Activate only the following scope:

    ../auth/cloud-platform

 

 
 

clip0548

 

 

Scroll down a little:

 

clip0549

 

When you have finished selecting your “scopes”, click on the “Add” button: number1
 

 

8..5. Finish configuring the OAuth consent Screen. At the end, you should have something like this:
 

clip0550

 

 

9.Get your Credentials

9.1. Click the “Credentials” option in the left pane: number1

 

clip0551

 

 

9.2. Click the “Create credentials” button in the right panel: number2

 

9.3. Select “OAuth Client ID”: number3

 

clip0552

 

 

9.4. Enter the following:

 

clip0553

 

 

9.5. This step is important!

 Click the “ADD URI” button in the “Authorized redirect URIs” section: number1
 

...and enter:   https://timi.eu/oauth/GoogleAccess.php

 

 

9.6. At the end you should have something like this:

 

clip0554

 

 

9.7. You receive your “Client ID” number1 and “Client Secret”: number2

 

clip0555

 

 

Copy/paste your your “Client ID” and “Client Secret” inside Anatella here:

 

clip0556

 

 

 

clip0557

Inside the Anatella action, the 3 parameters that are named “Access to…”  must match the scopes that you selected at step 8.4. For security reasons, you may have limited the scopes to the minimum. For example, if you only intend to...  

...use Google Analytics: You only activated the following scope:

    ../auth/analytics.readonly

...use GDrive: You only activated the following 2 scopes:

    ../auth/drive.metadata

    ../auth/drive

...use Google Storage or Big Query: You only activated the following scope:

    ../auth/cloud-platform

 
 

 

Don’t worry if the Window in your browser closes before you can copy/paste your “Client ID” and “Client Secret”: You can always see again later these 2 informations by clicking the “edit” icon here:

 

clip0558

 

 

…Then, you’ll again see your “Client ID” and “Client Secret” here:

 

clip0559

 

9.8. Run (i.e. click the output pin) the clip0560 UnlockGoogle Action in Anatella (with the correct “Client ID” and “Client Secret” obtained from the previous step): A web browser opens: Select the account that owns the “GDrive/Google Cloud Storage/BigQuery Tables”:

 

clip0561

 

 

9.9. The following 2 confirmation screens do not appear all the time:
 

9.9.1. Since your (totally new) application isn’t verified, you get a warning message. This is perfectly normal and expected. Just click on the “Advanced” url link:

 

clip0562

 
 

9.9.2. Confirm that you trust your own application by clicking the “Go to timi.eu (unsafe)” url link here:
 

clip0563

 

 

9.10. The following confirmation screens does not appear all the time:
 

9.10.1. Confirm that you want to access your gdrive files from Anatella: Click the “Allow” button:

 

clip0564

 
 

9.10.2. Sometime, an additional confirmation window opens. Just click the “Allow” button:

 

clip0565

 

 

9.11. Finally, you receive your “Refresh Token”!

 

clip0566

 

 
If you don’t see any “Refresh Token” (i.e. the “Refresh Token” field is empty), then you’ll need to redo the whole procedure starting from the step 9.1.
 

 

Please write your “Refresh Token” in a safe place. There is no way to retrieve your “Refresh Token” in anyway: If you lose it, you’ll need to redo the whole procedure starting from the step 8.1. You now have your complete credentials:

 

A “Client ID” (obtained at step 9.7)

A “Client Secret” (obtained at step 9.7)

A “Refresh Token” (obtained at this step 9.11)

 
 

10.After a few seconds, you should also receive on your mobile phone a security message that warns you that someone accessed your Google Account. Just click the “Yes, it was me” button:

 

clip0567

 
 

11.Save your “Refresh Token” in a safe place.