- Description
- Usage
- API client service authorization and instantiation
- Other examples
- Configuration parameters
EasyRPA Open Framework Google Services library provides functionality to perform authentication, authorization and instantiation of Google Workspace API client services like Drive, Sheets, Calendar etc. It hides lots of implementation and configuration details behind that is very important in case of using it within RPA process. When the business logic of the process should be easy to read and perceive and implementation details should not interfere to do it.
To start use the library first you need to add corresponding Maven dependency to your project.
<dependency>
<groupId>eu.easyrpa</groupId>
<artifactId>easy-rpa-openframework-google-services</artifactId>
<version>1.0.0</version>
</dependency>Additionally, to let the library collaborate with RPA platform make sure that Maven dependency to corresponding adapter is added also.
<dependency>
<groupId>eu.easyrpa</groupId>
<artifactId>easy-rpa-adapter-for-openframework</artifactId>
<version>2.3.1</version>
</dependency>The key feature of Google Services library is a GoogleServiceProvider. It's helper class that covers all steps
related to Google Workspace API authorization within requested scope and instantiation of corresponding
API client service. As result, using this class it's possible to create a new authorized instance of API client
service with one line of code.
Below the example of using GoogleServiceProvider to create a new instance of Calendar client service of
Google Calendar API.
@Inject
private GoogleServicesProvider googleServicesProvider;
public void execute() {
...
Calendar calendar = googleServicesProvider.getService(Calendar.class, CalendarScopes.CALENDAR_EVENTS);
...
}For creating of GoogleServicesProvider the OAuth client JSON should be provided as information necessary
for authentication on Google Cloud. In case of injection of GoogleServicesProvider using @Inject annotation
this information is expected to be defined in configuration parameters of the RPA process under the key
google.services.auth.secret. The value of this parameter is an alias of secret vault entry with
OAuth client JSON.
google.services.auth.secret=robot.google.accountrobot.google.account=<secret OAuth client JSON>How to get this OAuth client JSON? In order to work with Google Workspace API it's necessary to have Google Cloud project with configured authentication and authorization for using corresponding API. Follow next steps to do everything properly.
- Create a Google Cloud project if it doesn't exist yet.
- Enable the APIs that are going to be used in the Google Cloud project.
- Configure OAuth consent screen to let robot requests the access to necessary data.
- Create OAuth client ID credentials to authenticate the robot.
Read how Google Workspace APIs authentication and authorization works and Authentication Best Practices for some more useful information.
After creating of OAuth client ID the corresponding OAuth client JSON can be downloaded by the following way:
- Open the Google Cloud Console
- At the top-left, click Menu > APIs & Services > Credentials.
- Lookup a record with created previously OAuth client ID.
- In the end of row choose Download OAuth client action.
- Click DOWNLOAD JSON button in the opened window.
The downloaded JSON should looks as follows:
{
"installed": {
"client_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com",
"project_id": "XXXXXXX-XXXXXX",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"redirect_uris": [
"urn:ietf:wg:oauth:2.0:oob",
"http://localhost"
]
}
}Please refer to Google Services Examples to see more examples of using this library.
Below the full list of possible parameters that the Email library expects in configuration parameters of the RPA process.
| Parameter | Value |
|---|---|
google.services.auth.secret |
The alias of secret vault entry with OAuth client JSON necessary for authentication on Google Cloud. For information regarding how to configure OAuth client see OAuth client ID credentials The value of secret vault entry should be a JSON with following structure: {
"installed":{
"client_id":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com",
"project_id":"XXXXXXX-XXXXXX",
"auth_uri":"https://accounts.google.com/o/oauth2/auth",
"token_uri":"https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
"client_secret":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"redirect_uris":[
"urn:ietf:wg:oauth:2.0:oob",
"http://localhost"
]
}
}
|
google.services.auth.token.stores.dir |
Path to directory where StoredCredentials file should be created and located. The StoredCredentials file is
used to persist Google credential's access and refresh tokens that are necessary for accessing of Google Cloud. Exp: C:\Users\Default\AppData\Local\Google\tokensFor information regarding persisting of OAuth 2.0 access tokens see Data Store section |
google.services.auth.code.receiver |
The host name or IP-address with port number of authorization code receiver on the robot machine. As soon as
OAuth consent screen is confirmed the authorization code is generated and should be returned back to the
robot to let him continue the work. The robot opens a socket on the machine where he works and waits
response with authorization code. By default, the value of this parameter is localhost:8888. It means that consents steps can be
completed only on the same machine where robot is working that in case of unattended robots work is
not possible to do. To solve it the value of this parameter should be exact IP-address or host name of robot
machine. After that consents steps can be completed on another machine in the same network. For example,
the consent screen can be opened by human who will authorize robot to do some work.Exp: 172.156.65.78:8888
|