Skip to Content

Authentication prerequisites for the Google Drive connector in Jitterbit Studio

Introduction

These are the prerequisites for authenticating with the Google Drive connector using either a 3-legged OAuth 2.0 (3LO) client credential or a private key associated with a Google Cloud service account.

Note

Both authorization methods require Google Cloud Console access for configuration.

Agent version 10.83 / 11.21 or later is required to use 3-legged OAuth 2.0 authentication.

3-legged OAuth 2.0 (3LO)

Follow these steps to configure a 3-legged OAuth 2.0 (3LO) client:

  1. In the Google Cloud Console, create a Google Cloud project or select an existing project for authentication.

  2. Enable the Google Drive API for the selected project using the Google Drive API marketplace page.

  3. Configure the OAuth consent screen for the selected project. For the Data Access > Add or Remove Scopes step, enter these Google Drive scopes:

    Scope Activity
    https://www.googleapis.com/auth/drive All
    https://www.googleapis.com/auth/drive.file All
    https://www.googleapis.com/auth/drive.metadata All
    https://www.googleapis.com/auth/drive.metadata.readonly List Files
    https://www.googleapis.com/auth/drive.meet.readonly List Files
    https://www.googleapis.com/auth/drive.photos.readonly List Files
    https://www.googleapis.com/auth/drive.readonly Get File, List Files

  4. Navigate to APIs & Services > Credentials and click Create credentials > OAuth client ID to open the Create OAuth client ID configuration page:

    1. Select Web application for Application type.

    2. Enter any name for Name.

    3. Add one of the following URLs (depending on your organization's region) to the Authorized redirect URIs list:

      Region URL
      APAC https://apps.apac-southeast.jitterbit.com/design-studio/api/v1/oauth/authcode
      EMEA https://apps.emea-west.jitterbit.com/design-studio/api/v1/oauth/authcode
      NA https://apps.na-east.jitterbit.com/design-studio/api/v1/oauth/authcode

  5. Click Create to generate the OAuth client and its credential file.

  6. When complete, an OAuth client created dialog appears. Click Download JSON to download the JSON credential file containing the Client ID and Client secret for later use:

    Example JSON credential file
    {
    "web": {
        "client_id": "...",
        "project_id": "my-project-123456",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "client_secret": "...",
        "redirect_uris": [
            "https://apps.my-region.jitterbit.com/design-studio/api/v1/oauth/authcode"
        ]
    }
}

  7. Click OK to close the dialog. The newly generated credential is now shown under OAuth 2.0 Client IDs.

Configure an app registration in the Management Console

Follow these steps to configure required values for a Management Console private application app registration:

  1. Gather the required information from the JSON credential file downloaded when configuring the Google Drive OAuth client above:

    • Client ID (client_id)
    • Client secret (client_secret)
    • Authorization URL (auth_uri)
    • Access token URL and refresh token URL (token_uri)

  2. In the app registration's configuration, enter these Google Drive scopes:

    Scope Activity
    https://www.googleapis.com/auth/drive All
    https://www.googleapis.com/auth/drive.file All
    https://www.googleapis.com/auth/drive.metadata All
    https://www.googleapis.com/auth/drive.metadata.readonly List Files
    https://www.googleapis.com/auth/drive.meet.readonly List Files
    https://www.googleapis.com/auth/drive.photos.readonly List Files
    https://www.googleapis.com/auth/drive.readonly Get File, List Files

  3. Set the app's Client ID to the client_id value in your credential file.

  4. Set the app's Client Secret to the client_secret value in your credential file.

  5. Set the app's Authentication URL to the auth_uri value in your credential file. For example, https://accounts.google.com/o/oauth2/auth.

  6. Set the app's Access token URL and Refresh token URL to the token_uri value in your credential file. For example, https://oauth2.googleapis.com/token.

  7. Go to Advanced options. In the Authentication request tab, create these key-value pairs under Parameters:

    Key Value Send in
    response_type code Request URL
    access_type offline Request URL

Once the private application is registered on the App Registrations page, it is available to be selected in the OAuth application menu in the Google Drive connection when using the OAuth authentication option.

Private key authentication with a service account

Follow these steps to create a service account and grant roles to provide access to the Google Cloud project to be used with the Google Drive connector:

  1. In the Google Cloud Console, create a Google Cloud project or select an existing project for authentication.

  2. Enable the Google Drive API for the selected project using the Google Drive API marketplace page.

  3. In the navigation menu, navigate to IAM & Admin > Service Accounts.

  4. Click Create Service Account, located along the top of the page.

  5. Enter the Service account details:

    Service account details

    • Service account name: Enter any string for the service account name.

    • Service account ID: This field is automatically populated to match the Service account name and can be edited, if desired.

    • Service account description: Enter a description for the service account.

  6. Click Create and Continue.

  7. Assign a role to allow access to the project (required for a successful connection in the Google Drive connector):

    Assign roles

    • Role: Using the menu, select Owner as the Role, then click Continue.

  8. Optionally, grant access to the service account to specific users:

    Assign users

  9. Click Done.

Note

To use the List files activity, you must separately grant access to these Google Drive scopes:

https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/drive.readonly
https://www.googleapis.com/auth/drive.metadata.readonly
https://www.googleapis.com/auth/drive.metadata
https://www.googleapis.com/auth/drive.meet.readonly
https://www.googleapis.com/auth/drive.photos.readonly

Obtain service account credentials

Follow these steps to obtain the credentials required for connection configuration:

  1. On the Service accounts page, click the Actions menu for the service account created above, then click Manage keys.

  2. Click Add Key > Create new key, select JSON as the Key type, and then click Create to download the JSON file to your computer:

    Create key

  3. Open the downloaded JSON file in a text editor and retain the values of the project_id, client_email, and private_key to be used during connection configuration.