Google's Guide: https://developers.google.com/identity/protocols/oauth2/service-account
Authorization protocol: OAuth 2.0
User Impersonation tokens
Google Service Accounts allow you to retrieve access tokens for any user in a G Suite / Google Workspace account with user impersonation. To get tokens for a specific user, use the
provider_user_idquery parameter in the Get User Connection API call. See Retrieve user tokens for more information.
- In the Xkit platform, click "New connector" in the sidebar.
- Click "Google Drive Service Account".
- Next, in a separate window, visit the Google Cloud Platform.
- Hover the cursor over "IAM & Admin" and click on Service Accounts
- Click "CREATE PROJECT", enter the name of your application and click "CREATE".
- From the Google Service Accounts page, click on your project.
- Click "+ Create Service Account" at the top of the page.
- Enter the requested "Service Account Details" and click "Create".
- Continue through the "Service Account Permissions" and then click "Done" on the "Grant Users Access to this Service Account" to create the service account.
- Click on the recently created service account.
- Scroll down and click on "Add Key" and then "Create new key" to download the JSON file.
- Use the sidebar to go to the "API & Services" dashboard
- Click "ENABLE APIS AND SERVICES".
- Search "Google Drive" and click on it.
- Click "ENABLE".
- Return to the Xkit Google Drive Service Account connector page.
- Click "Select File" and upload the downloaded JSON file; the info will populate in the Xkit fields.
- Click "Save" to update the service provider settings.
- Confirm the "Catalog Settings" and click "Save".
- Select the requested Scopes and click "Save".
You've now successfully connected Google Drive Service Account with Xkit!
You'll note that the
https://www.googleapis.com/auth/admin.directory.user.readonly scope is required in order to use Google Service Accounts.
Supplying this scope gives you read-only access to the Directory API of the Admin SDK. In order to retrieve tokens for each individual user in a Google Workspace / G Suite organization, you need to:
- Enable the Admin SDK for your application in the developer console
- Call the List Users endpoint to get a list of all users in an organization
- Use each user's email address in the
provider_user_idquery parameter in the Get User Connection API to retrieve an access token for each user
Each individual access token will enable you to impersonate the specific user.
Updated over 1 year ago