route1io_connectors.google.credentials module

Google Credentials

Lightweight helper functions for easily going through all steps of the OAuth flow process for accessing Google APIs. All functions return authenticated and authorized credentials.

References

route1.io blog post on creating OAuth 2.0 credentials:

https://www.route1.io/configuring-oauth-2-0-access-to-the-google-apis/

Google’s example on credential access:

https://developers.google.com/docs/api/quickstart/python

To create credentials:

https://console.cloud.google.com/apis/credentials

To enable APIs:

https://console.cloud.google.com/apis/library

Available OAuth 2.0 scope URL endpoints:

https://developers.google.com/identity/protocols/oauth2/scopes

Examples

Generally the use case is for automating tasks that require accessing Google APIs such as Sheets or Drive. Developers should first create an app on Google Cloud Platform, enable relevant APIs, create OAuth 2.0 credentials, and then download those credentials to their local machine.

Sample code for getting credentials for Google Drive API:

SCOPES = [”https://www.googleapis.com/auth/drive”] CLIENT_SECRETS_FPATH = “/path/to/client/secrets.json” TOKEN_FPATH = “/path/to/save/token.json” creds = get_token_from_full_auth_flow(TOKEN_FPATH, CLIENT_SECRETS_FPATH, SCOPES)

get_token_from_full_auth_flow(authorized_user_file: str, client_secrets_file: str, scopes: List[str], port: int = 0) google.oauth2.credentials.Credentials

Return authorized and authenticated credentials for accessing Google APIs. If refresh token hasn’t yet been generated or is invalid, this function will open a user consent screen and then save the credentials that are returned.

Reference code sample: https://developers.google.com/docs/api/quickstart/python

Parameters

  • authorized_user_file (str) – Filepath to token JSON file. If file does not exist then this becomes the filepath the token will be dumped to for future use after going through the user consent screen.

  • client_secrets_file (str) – Filepath to client secrets file downloaded from GCP after creating credentials

  • scopes (List[str]) – Enabled APIs that we want our app to have access to

  • port (int) – Port to open user consent screen on

Returns

creds – Authenticated and authorized credentials for accessing Google API

Return type

google.oauth2.credentials.Credentials

Return valid credentials after opening user consent screen authorizing the app to access scopes enabled for the app outlined in client secrets file.

Parameters

  • client_secrets_file (str) – Filepath to client secrets file downloaded from OAuth 2.0 Client IDs on Google Cloud Platform after generating OAuth credentials

  • scopes (List[str]) – Scopes of APIs that have been enabled on Google Cloud Platform

  • port (int = 0) – Port to open user consent screen on

  • fpath (str = None) – If specified, dumps the token to this filepath as a JSON

Returns

creds – Authenticated and authorized credentials for accessing Google API

Return type

google.oauth2.credentials.Credentials

refresh_token_from_authorized_user_file(authorized_user_file: str)

Return valid credentials after refreshing from previously saved credentials.

authorized_user_filestr

Filepath to a file containing refresh token and various credentials acquired after user consented to scopes.

Returns

creds – Authenticated and authorized credentials for accessing Google API

Return type

google.oauth2.credentials.Credentials

refresh_token_from_credentials(refresh_token: str, client_id: str, client_secret: str, scopes: List[str] = None) google.oauth2.credentials.Credentials

Return valid credentials refreshed from explicitly passed refresh token, client ID, and client secret

Parameters

  • refresh_token (str) – Valid refresh token

  • client_id (str) – Client ID acquired from creating credentials in APIs & Services on GCP

  • client_secret (str) – Client secret acquired from creating credentials in APIs & Services on GCP

  • scopes (List[str] = None) – Optional scopes to pass. This has no bearing on the token refresh but it’s a good idea to explicitly set what scopes we have access to to keep track of permissions.

Returns

creds – Authenticated and authorized credentials for accessing Google API

Return type

google.oauth2.credentials.Credentials