Google - Set up OAuth Consent Screen

From 360Works Product Documentation Wiki
(Difference between revisions)
Jump to: navigation, search
(Created page with "==Overview== By default Zulu will use the 360Works Google API key in order to make API calls to Google Calendar. Each Google API key has a set daily limit of API calls that ca...")
 
(Generate your own keys)
 
(25 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
==Overview==
 
==Overview==
By default Zulu will use the 360Works Google API key in order to make API calls to Google Calendar. Each Google API key has a set daily limit of API calls that can be made with it so if you use the default 360Works key which can be used by all Zulu users, it is possible that the daily limit will be reached and Zulu will stop working for that day (limit is reset every day at midnight Pacific time). For this reason we highly recommend that you generate your Google API key so that you will have your own daily limit and much less likely to lose syncing capabilities due to the limit being reached. This documentation will guide you to create your own keys
+
Google API Keys are needed for OAuth logins for a number of 360Works products.  These keys can also be used to  [[https://support.claris.com/s/article/Accessing-solutions-using-Open-Authentication-OAuth-credentials-1503693096853?language=en_US Access FileMaker Databases using OAuth]].  This guide will walk you through setting up an OAuth consent screen and getting Google API Keys.
  
 
===Generate your own keys===
 
===Generate your own keys===
Line 6: Line 6:
 
<b>Step 1</b> Go to https://console.developers.google.com/ . If you do not already have a Google account, you will need to create one. It is recommended that if you are setting this up that you go ahead and create a new account with a username and password that you are comfortable sharing with your users/co-workers<br>
 
<b>Step 1</b> Go to https://console.developers.google.com/ . If you do not already have a Google account, you will need to create one. It is recommended that if you are setting this up that you go ahead and create a new account with a username and password that you are comfortable sharing with your users/co-workers<br>
 
<br>
 
<br>
<b>Step 2</b> Click Create Project. On the next screen name the project. You do not need to select an organization. Click Create.<br>
+
* Click Create Project. <br>
[[File:Step1.png|x300px]]<br>
+
[[File:Step1.png|600px]]<br>
[[File:Step2.png|x300px]]<br>
+
 
 +
* Give the project a name, then click "Create".
 +
 
 +
[[File:GoogleOAuthConsent_NewProject.png|x600px]]<br>
 +
 
 +
* Now let's set up the OAuth Consent Screen, use the menu to navigate there:
 +
 
 +
[[File:GoogleOAuthConsentScreen_OAuthConsent.png|x600px]]
 +
 
 +
* For User Type, we will be using "External", which will work for anyone with a Google account, but will show a warning that the app is not verified.  If you are a G Suite user, you may choose "Internal" here, and avoid the warning, but this will only work for users inside your G Suite account.
 +
* Click "Create"
 +
 
 +
[[File:GoogleOAuthConsentScreen_SelectUserType.png|x600px]]
 +
 
 +
* On the next screen, fill out the following required fields:
 +
# App Name (Can be anything)
 +
# User Support Email (Use your logged in Gmail address)
 +
# Authorized Domains (Use "360Works.com", this is necessary for the OAuth redirect later)
 +
# Developer Contact Information (Use your logged in Gmail address)
 +
 
 +
* Once all required fields are filled out, click "Save and Continue"
 +
 
 +
[[File:GoogleOAuthConsentScreen_AppInformation1.png|x600px]]
 +
 
 +
[[File:GoogleOAuthConsentScreen_AppInformation2.png|x600px]]
 +
 
 +
* Skip the Scopes for now, we need to enable the API so that we can select them, and we will do that later.
 +
* Click "Save and Continue"
 +
 
 +
[[File:GoogleOAuthConsentScreen_SkipScopes.png|x600px]]
 +
 
 +
* Test Users (External accounts only.  If you are a GSuite user and selected "Internal" earlier, you may skip this.)
 +
* Add the Gmail addresses for each user that you will want to be able to authenticate with.  For example, if you want to use the Email Plugin to send emails through Gmail, you will need to add the Gmail address you want to send from here.  Another example, if you want Zulu to sync with a specific user's Google Calendar, add that user's email address here.
 +
* Click "Save and Continue"
 +
 
 +
[[File:GoogleOAuthConsentScreen_TestUsers.png|x600px]]
 +
 
 +
* Summary Screen.  Review the details on the summary.  If everything looks correct, click the "Back To Dashboard" button.
 
<br>
 
<br>
<b>Step 3</b> Back on the Dashboard, click on Enable APIs And Services. On the next page, scroll down the page till you see Google Calendar API, click it, and on the next page click Enable<br>
+
* Getting Credentials. After saving the OAuth Consent Screen, navigate to "Credentials" from the menu
[[File:Step3.png|x300px]]<br>
+
 
[[File:Step3a.png|x300px]]<br>
+
[[File:GoogleOAuthCredentials_Start.png|x600px]]
<br>
+
 
<b>Step 4</b> On the Overview page, look for the Google Calendar API, click on Create Credentials<br>
+
* Click "+ Create Credentials", then select "OAuth client ID"
[[File:Step4.png|x300px]]<br>
+
 
<br>
+
[[File:GoogleOAuthCredentials_CreateOAuthCreds.png|x600px]]
<b>Step 6</b> You should be prompted to set up the OAuth Consent screen, select that option and this should open in a new window/tab.<br>
+
 
[[File:Step6.png|x400px]]<br>
+
* Fill out the form with the following values:
<br>
+
 
<b>Step 7</b> On the OAuth consent screen, you will have a choice of User Type: Internal or External. We suggest External.  Internal users are available to GSuite users, and this setting is limited to users within an organization. External users are available to any test user with a Google Account.  If you do not have a GSuite account, you must select External, and this documentation will follow the External User set up.
+
: Application Type : Web Application
<br>
+
: Name : MyOAuthClient (This can be anything though)
[[File:OAuthConsentStep1.jpg|x400px]]<br>
+
: Authorized Redirect URIs : Add both of the following
<br>
+
:: https://oauth.360works.com/oauth
On the OAuth consent screen, Enter Zulu as the Application name. You do not need to include an Application logo, the support email should be set as the email you signed into Google with.
+
:: https://zuluauth.360works.com/zuluauth/auth
<br>
+
* Click "Create"
[[File:OAuthConsentStep2.jpg|x400px]]<br>
+
 
<br>
+
[[File:GoogleOAuthCredentials_CreateClientID.png|x600px]]
For Authorized Domains, enter "360works.com". For Application homepage enter "https://360works.com/filemaker-calendar/". Leave the Privacy policy and Terms of Service fields blank.<br>
+
 
<br>
+
* Once the OAuth Client is created, you will be presented with the Client ID and Client Secret. Save these, as you might not be able to access them later.
[[File:OAuthConsentStep3.jpg|700px]]<br>
+
 
<br>
+
[[File:GoogleOAuthCredentials_ClientCreated.png|x600px]]
For Developer contact information, this should be an email address for you to receive alerts and updates about your own copy of Zulu. This is not 360Works development or support email addresses.
+
<br>
+
[[File:OAuthConsentStep4.jpg|600px]]<br>
+
<br>
+
Next you will be taken to <b>Scopes</b>. Click "Add or Remove Scopes".
+
<br>
+
[[File:OAuthConsentStep5.jpg|600px]]<br>
+
<br>
+
You will need to select the following Scopes and save them to your project: auth/calendar & auth/calendar/events. Once you have selected and saved the Scopes, you should see a summary of added Scopes similar to the screen below. Save and continue.
+
<br>
+
[[File:OAuthConsentStep6.jpg|600px]]<br>
+
<br>
+
You will be taken to a <b>Users</b> section. You will need to add user email addresses for your Zulu calendars. You will be given the chance to add 100 users while in "Test Mode". You do not need to add them all immediately, you are able to edit this list. You can fully use Zulu in test mode, however if you would like to add additional users beyond the initial 100, you will need to authenticate your app and usage with Google.
+
<br>
+
[[File:OAuthConsentStep7.jpg|600px]]<br>
+
<br>
+
<b>Step 8</b> Once you have saved the OAuth consent screen information, you will be taken back to a summary page.  On the left side of the page, please navigate to "Credentials" to complete setting up your keys.
+
<br>
+
[[File:OAuthConsentStep8.jpg|600px]]<br>
+
<br>
+
Under the "Create Credentials" heading, select "OAuth Client ID".
+
<br>
+
[[File:OAuthConsentStep9.jpg|600px]]<br>
+
<br>
+
The Application type should be set to "Web Application". The Name can be anything as it is only used to identify the Client ID in the Google console. You do not need to add Authorized JavaScript Origins. You do need to enter "https://zuluauth.360works.com/zuluauth/auth" for Authorized Redirect URIs.
+
<br>
+
[[File:OAuthConsentStep10.jpg|600px]]<br>
+
<br>
+
<b>Step 9</b> You will be given a screen with a Client ID and a Client Secret. These are your keys that will ensure your access to the Google Calendar API for your own Zulu account. These will continue to be available in your Google Developer Console, however it is a good idea to save a copy somewhere safe. Do not share this key between other applications. Keep it secret, keep it safe.<br>
+
<br>
+
[[File:OAuthConsentStep11.jpg|600px]]<br>
+
<br>
+
<b>Step 10</b> Open the Zulu.xml file on your machine in a text editor. The Zulu.xml file is found at /Library/360Works/Applications/conf/Catalina/localhost/zulu.xml on Mac and C:\Program Files\360Works\Applications\conf\Catalina\localhost/zulu.xml on Windows . Look for the section that says "Customize these parameters to use your own Google Calendar API key"<br>
+
<br>
+
<b>Step 11</b> Copy the value for "client_ID" and paste it in for the value for the "google.client.id" parameter in the zulu.xml file. Copy the value for the "client_secret" and then paste it in for the value of the "google.client.secret" parameter in the zulu.xml file. and then save the zulu.xml file<br>
+
<br>
+
<b>Step 12</b> Restart Zulu using the 360Works Admin utility found in /Applications on Mac and C:\Program Files\360Works on Windows. Launch the file, select Zulu and click Stop and then Start.
+
<br><br>
+
'''Note:''' If you have a pre-existing Google sync with Zulu, you will need to edit your configurations to apply these new Google API Keys.  Step through the configuration, and on the step where you authenticate to Google, do this:
+
* Select "Sync with Exchange"
+
* Select "Sync with Google" again
+
  
This will allow you to re-authenticate your Google account, and store this new authentication as part of the sync configuration.
+
* Now that the client is created, we need to enable the proper APIs and select the proper scopes. See the following pages for product specific steps:
 +
::[[Email_Plugin_-_Google_APIs_and_Scopes]]
 +
::[[Zulu - Google APIs and Scopes]]

Latest revision as of 16:24, 24 March 2021

[edit] Overview

Google API Keys are needed for OAuth logins for a number of 360Works products. These keys can also be used to [Access FileMaker Databases using OAuth]. This guide will walk you through setting up an OAuth consent screen and getting Google API Keys.

[edit] Generate your own keys

Step 1 Go to https://console.developers.google.com/ . If you do not already have a Google account, you will need to create one. It is recommended that if you are setting this up that you go ahead and create a new account with a username and password that you are comfortable sharing with your users/co-workers

  • Click Create Project.

Step1.png

  • Give the project a name, then click "Create".

GoogleOAuthConsent NewProject.png

  • Now let's set up the OAuth Consent Screen, use the menu to navigate there:

GoogleOAuthConsentScreen OAuthConsent.png

  • For User Type, we will be using "External", which will work for anyone with a Google account, but will show a warning that the app is not verified. If you are a G Suite user, you may choose "Internal" here, and avoid the warning, but this will only work for users inside your G Suite account.
  • Click "Create"

GoogleOAuthConsentScreen SelectUserType.png

  • On the next screen, fill out the following required fields:
  1. App Name (Can be anything)
  2. User Support Email (Use your logged in Gmail address)
  3. Authorized Domains (Use "360Works.com", this is necessary for the OAuth redirect later)
  4. Developer Contact Information (Use your logged in Gmail address)
  • Once all required fields are filled out, click "Save and Continue"

GoogleOAuthConsentScreen AppInformation1.png

GoogleOAuthConsentScreen AppInformation2.png

  • Skip the Scopes for now, we need to enable the API so that we can select them, and we will do that later.
  • Click "Save and Continue"

GoogleOAuthConsentScreen SkipScopes.png

  • Test Users (External accounts only. If you are a GSuite user and selected "Internal" earlier, you may skip this.)
  • Add the Gmail addresses for each user that you will want to be able to authenticate with. For example, if you want to use the Email Plugin to send emails through Gmail, you will need to add the Gmail address you want to send from here. Another example, if you want Zulu to sync with a specific user's Google Calendar, add that user's email address here.
  • Click "Save and Continue"

GoogleOAuthConsentScreen TestUsers.png

  • Summary Screen. Review the details on the summary. If everything looks correct, click the "Back To Dashboard" button.


  • Getting Credentials. After saving the OAuth Consent Screen, navigate to "Credentials" from the menu

GoogleOAuthCredentials Start.png

  • Click "+ Create Credentials", then select "OAuth client ID"

GoogleOAuthCredentials CreateOAuthCreds.png

  • Fill out the form with the following values:
Application Type : Web Application
Name : MyOAuthClient (This can be anything though)
Authorized Redirect URIs : Add both of the following
https://oauth.360works.com/oauth
https://zuluauth.360works.com/zuluauth/auth
  • Click "Create"

GoogleOAuthCredentials CreateClientID.png

  • Once the OAuth Client is created, you will be presented with the Client ID and Client Secret. Save these, as you might not be able to access them later.

GoogleOAuthCredentials ClientCreated.png

  • Now that the client is created, we need to enable the proper APIs and select the proper scopes. See the following pages for product specific steps:
Email_Plugin_-_Google_APIs_and_Scopes
Zulu - Google APIs and Scopes
Personal tools
Namespaces

Variants
Actions
Plug-in Products
Other Products
Navigation
Toolbox