google creds and expanding text

2026-03-27 09:28:43 +07:00 · 2022-09-27 17:14:03 +01:00
parent 572ad45e60
commit ca242c36a5
5 changed files with 123 additions and 48 deletions
--- a/_snippets/integrations/builtin/credentials/google/enable-apis.md
+++ b/_snippets/integrations/builtin/credentials/google/enable-apis.md
@@ -0,0 +1,4 @@
+1. Access your [Google Cloud Console](https://console.cloud.google.com){:target=_blank .external-link}.
+2. From the hamburger menu, select **APIs & Services > Library**.
+3. Search for and select the API(s) you want to enable.
+5. Select **ENABLE**.
--- a/docs/_extra/css/extra.css
+++ b/docs/_extra/css/extra.css
@@ -27,9 +27,30 @@

    /* https://squidfunk.github.io/mkdocs-material/setup/changing-the-fonts/?h=font#additional-fonts */
    --md-text-font: "Moderat-Regular-Web";
+	/* https://squidfunk.github.io/mkdocs-material/reference/admonitions/#custom-admonitions */
+	--md-admonition-icon--details: url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>');
 }


+	
+  /* https://squidfunk.github.io/mkdocs-material/reference/admonitions/#custom-admonitions */
+  .md-typeset .admonition.details,
+  .md-typeset details.details {
+	border-color: var(--color-background-dark);
+  }
+  .md-typeset .details > .admonition-title,
+  .md-typeset .details > summary {
+	background-color: rgba(16,19,48, 0.1);
+  }
+  .md-typeset .details > .admonition-title::before,
+  .md-typeset .details> summary::before {
+	background-color: rgb(16,19,48);
+	-webkit-mask-image: var(--md-admonition-icon--details);
+			mask-image: var(--md-admonition-icon--details);
+  }
+  
+
+

  /* light mode */

--- a/docs/_images/integrations/builtin/credentials/google/oauth_callback.png
+++ b/docs/_images/integrations/builtin/credentials/google/oauth_callback.png
--- a/docs/credentials/add-edit-credentials.md
+++ b/docs/credentials/add-edit-credentials.md
@@ -2,7 +2,7 @@

 You can get to the credential modal by either: 

-* Opening the left menu, then selecting **Credentials** > **Add credential**.
+* Opening the left menu, then selecting **Credentials** > **New** and browsing for the service you want to connect to.
 * Selecting **Create New** in the **Credential** dropdown in a node.

 Once in the credential modal, enter the details required by your service. Refer to your service's page in the [credentials library](/integrations/builtin/credentials/) for guidance.
--- a/docs/integrations/builtin/credentials/google.md
+++ b/docs/integrations/builtin/credentials/google.md
@@ -1,6 +1,6 @@
 # Google

-There are two authentication methods available for Google services nodes, [OAuth2](https://developers.google.com/identity/protocols/oauth2) and the [Service Account](https://developers.google.com/identity/protocols/oauth2#serviceaccount) authentication. Refer to the official Google documentation to learn which is appropriate for your case case.
+There are two authentication methods available for Google services nodes, [OAuth2](https://developers.google.com/identity/protocols/oauth2){:target=_blank .external-link} and [Service Account](https://cloud.google.com/iam/docs/understanding-service-accounts){:target=_blank .external-link}. Usually, n8n recommends using OAuth. It's more widely available, and easier to set up. Refer to the [Google documentation: Understanding service accounts](https://cloud.google.com/iam/docs/understanding-service-accounts){:target=_blank .external-link} for guidance on when you need service account.

 Most nodes are [compatible](#compatible-nodes) with OAuth2 authentication. Support for Service Account authentication is limited.

@@ -41,7 +41,7 @@ Once configured, you can use your credentials to authenticate the following node
 | [YouTube](/integrations/builtin/app-nodes/n8n-nodes-base.youTube/) | :white_check_mark: | :x: |

 !!! note "Note for n8n Cloud users"
-    For the following nodes, you only need to enter the **Credentials Name** and click on the **Sign in with Google** button in the OAuth section to connect your Google account to n8n:
+    For the following nodes, you can authenticate by entering the **Credentials Name** and selecting **Sign in with Google** in the OAuth section to connect your Google account to n8n:

    * [Google Calendar](/integrations/builtin/app-nodes/n8n-nodes-base.googleCalendar/)
    * [Google Contacts](/integrations/builtin/app-nodes/n8n-nodes-base.googleContacts/)
@@ -51,31 +51,40 @@ Once configured, you can use your credentials to authenticate the following node

 ## Using OAuth

-From your [Google Cloud Console](https://console.cloud.google.com){:targe=_blank .external-link} dashboard:
+### Create a new credential in n8n

-1. Click on the hamburger menu and select **APIs & Services > Credentials**.
-2. Click on **+ CREATE CREDENTIALS** and select **OAuth client ID**.
+1. Follow the steps to [Create a credential](/credentials/add-edit-credentials/). If you create a credential by selecting **Create new** in the credentials dropdown in a node, n8n automatically creates the correct credential type for that node. If you select **Credentials > New**, you must browse for the credential type:
+	* To connect with a specific service, using resources and operations supported by n8n, choose that service. For example, to create a credential for use in the Gmail node, search for `Gmail`.
+	* To create a credential for a [custom API call](/integrations/custom-operations/), select **Google OAuth2 API**. This allows you to create a generic credential, then set its scopes.
+2. Note the **OAuth Redirect URL** from the node credential modal. You'll need this in the next section.
+![OAuth Callback URL](/_images/integrations/builtin/credentials/google/oauth_callback.png)
+3. If you're creating a generic Google OAuth2 API credential (rather than a credential for a specific service), you must provide the scopes for this credential. Refer to [Scopes](#scopes) for more information.

-    !!! note "Note for new users"
-        If you're creating OAuth credentials for the first time, you will have to [configure the consent screen](https://support.google.com/cloud/answer/10311615?hl=en&ref_topic=3473162){:targe=_blank .external-link}.
+### Set up OAuth in Google Cloud
+
+In your [Google Cloud Console](https://console.cloud.google.com){:targe=_blank .external-link} dashboard:
+
+1. Select the hamburger menu **> APIs & Services > Credentials**. Google takes you to your **Credentials** page.
+2. Select **+ CREATE CREDENTIALS > OAuth client ID**.
+
+    !!! note "New users"
+        If you're creating OAuth credentials for the first time, you must [configure the consent screen](https://support.google.com/cloud/answer/10311615?hl=en&ref_topic=3473162){:target=_blank .external-link}.
    
+3. In the **Application type** dropdown, select **Web application**. Google automatically generates a name.
+4. In Google Cloud, select **+ ADD URI**. Paste in the OAuth redirect URL from the previous step.
+5. Select **CREATE**.
+6. Enable each Google service API that you want to use:
+	--8<-- "_snippets/integrations/builtin/credentials/google/enable-apis.md"

-3. From the **Application type** dropdown select **Web application**. A name is automatically generated, change it if desired.
-4. From the **Authorized redirect URIs** section, select **+ Add URI**.
-5. Enter the **OAuth Callback URL** provided in the Google node credential modal:
-    ![OAuth Callback URL](/_images/integrations/builtin/credentials/google/oauth_callback.png)
-6. Click the **CREATE** button.
+### Create and test your connection

-From your n8n instance:
+In n8n:

-7. Enter your new **Client ID** and **Client Secret** from Google Cloud Console in the n8n Credentials modal.
-8. Enter a **Credentials Name**.
-9. Click on the **Sign in with Google** button to complete your Google authentication.
-10. **Save** your new credentials in n8n.
+1. Enter your new **Client ID** and **Client Secret** from Google Cloud Console in the credentials modal.
+2. Select **Sign in with Google** to complete your Google authentication.
+3. **Save** your new credentials.

-Now you must [enable](#enable-apis) each Google service API that you want to use.
-
-The following video demonstrates the steps mentioned above.
+The following video demonstrates the steps described above:

 <div class="video-container">
 <iframe width="840" height="472.5" src="https://www.youtube.com/embed/gZ6N2H3_vys" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
@@ -83,48 +92,89 @@ The following video demonstrates the steps mentioned above.

 ## Using Service Account

-From your [Google Cloud Console](https://console.cloud.google.com){:targe=_blank .external-link} dashboard:
+Using service accounts is more complex than OAuth2. Before you begin:

-1. Click on the hamburger menu and select **APIs & Services > Credentials**.
-2. Click on **+ CREATE CREDENTIALS** and select **Service account**.
-3. Enter a name in the **Service account name** field.
-4. Click on the **CREATE** button.
+* Make sure you really need to use service account. For most use cases, OAuth2 is a better option.
+* Read the Google documentation on [Creating and managing service accounts](https://cloud.google.com/iam/docs/creating-managing-service-accounts){:target=_blank .external-link}.
+
+### Create a new credential in n8n
+
+1. Follow the steps to [Create a credential](/credentials/add-edit-credentials/). 
+
+	!!! note "Generic and specific credentials"
+		If you create a credential by selecting **Create new** in the credentials dropdown in a node, n8n automatically creates the correct credential type for that node. If you select **Credentials > New**, you must browse for the credential type:
+
+		* To connect with a specific service, using resources and operations supported by n8n, choose that service. For example, to create a credential for use in the Gmail node, search for `Gmail`.
+		* To create a credential for a [custom API call](/integrations/custom-operations/), select **Google API**.
+
+2. Note the **Private Key** from the node credential modal. You'll need this in the next section.
+
+### Set up service account in Google Cloud
+
+In your [Google Cloud Console](https://console.cloud.google.com){:target=_blank .external-link} dashboard:
+
+1. Select the hamburger menu **> APIs & Services > Credentials**. Google takes you to your **Credentials** page.
+2. Select **+ CREATE CREDENTIALS > Service account**.
+3. Enter a name in **Service account name**, and an ID in **Service account ID**. Refer to [Creating a service account](https://cloud.google.com/iam/docs/creating-managing-service-accounts?hl=en#creating){:target=_blank .external-link} for more information.
+4. Select **CREATE AND CONTINUE**.
 5. Based on your use-case, you may want to **Select a role** and **Grant users access to this service account**  using the corresponding sections.
-6. Click **Done**.
-7. Select your newly created service account under the **Service Accounts** section and open the **Keys** tab.
-8. Click on **ADD KEY** and select **Create new key**.
-9. In the modal that appears, select **JSON** and click **Create**. n8n saves the file to your computer.
+6. Select **DONE**.
+7. Select your newly created service account under the **Service Accounts** section. Open the **KEYS** tab.
+8. Select **ADD KEY > Create new key**.
+9. In the modal that appears, select **JSON**, then select **CREATE**. Google saves the file to your computer.
+10. Enable each Google service API that you want to use:
+	--8<-- "_snippets/integrations/builtin/credentials/google/enable-apis.md"

-From you n8n instance:
+### Create and test your connection

-10. Enter a **Credentials Name**.
-11. In the **Service Account Email** field, enter the email associated with your new Service Account (visible in the **Details** tab).
-12. Enter the **Private Key** from the downloaded JSON file. If you are running an n8n version older than 0.156.0: replace all instances of `\n` in the JSON file with new lines.
-13. Optional: Click the toggle to enable [**Impersonate a User**](https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority){:targe=_blank .external-link} and enter the desired email.
-14. **Save** your credentials.
+In n8n:

-Now you must [enable](#enable-apis) each Google service API that you want to use.
+1. In the **Service Account Email** field, enter the email associated with your new Service Account (you can find this in the **Details** tab in Google Cloud).
+2. Enter the **Private Key** from the downloaded JSON file. If you're running an n8n version older than 0.156.0: replace all instances of `\n` in the JSON file with new lines.
+3. **Optional**: Click the toggle to enable [**Impersonate a User**](https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority){:target=_blank .external-link} and enter the email.
+4. **Save** your credentials.

-The following video demonstrates the steps mentioned above.
+The following video demonstrates the steps described above.

 <div class="video-container">
 <iframe width="840" height="472.5" src="https://www.youtube.com/embed/ArXVlpo3y1k" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
 </div>

-## Enable APIs
+## Scopes

-To enable an API, follow the steps below:
+Many Google services have multiple possible access scopes. A scope limits what a user can do. Refer to [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes){:target=_blank .external-link} for a list of scopes for all services.
+
+n8n doesn't support all scopes. When creating a generic Google OAuth2 API credential, you can enter scopes from the list. If you enter a scope that n8n doesn't already support, it won't work.
+
+??? Details "Supported scopes"
+	| Service | Available scopes |
+	| ------- | ---------------- |
+	| Gmail | 	https://www.googleapis.com/auth/gmail.labels <br /> https://www.googleapis.com/auth/gmail.addons.current.action.compose <br />	https://www.googleapis.com/auth/gmail.addons.current.message.action <br /> https://mail.google.com/ <br /> https://www.googleapis.com/auth/gmail.modify <br />	https://www.googleapis.com/auth/gmail.compose |
+	| Google Ads | https://www.googleapis.com/auth/adwords |
+	| Google Analytics | https://www.googleapis.com/auth/analytics <br /> https://www.googleapis.com/auth/analytics.readonly |
+	| Google Big Query | https://www.googleapis.com/auth/bigquery |
+	| Google Books | https://www.googleapis.com/auth/books |
+	| Google Calendar | 	https://www.googleapis.com/auth/calendar <br /> https://www.googleapis.com/auth/calendar.events |
+	| Google Cloud Natural Language | https://www.googleapis.com/auth/cloud-language <br /> https://www.googleapis.com/auth/cloud-platform |
+	| Google Cloud Storage | https://www.googleapis.com/auth/cloud-platform <br /> https://www.googleapis.com/auth/cloud-platform.read-only <br /> https://www.googleapis.com/auth/devstorage.full_control <br /> https://www.googleapis.com/auth/devstorage.read_only <br /> https://www.googleapis.com/auth/devstorage.read_write |
+	| Google Contacts | https://www.googleapis.com/auth/contacts |
+	| Google Docs | https://www.googleapis.com/auth/documents <br /> https://www.googleapis.com/auth/drive <br /> https://www.googleapis.com/auth/drive.file |
+	| Google Drive | https://www.googleapis.com/auth/drive <br /> https://www.googleapis.com/auth/drive.appdata <br /> https://www.googleapis.com/auth/drive.photos.readonly |
+	| Google Firebase Cloud Firestore | https://www.googleapis.com/auth/datastore <br /> https://www.googleapis.com/auth/firebase |
+	| Google Firebase Realtime Database | https://www.googleapis.com/auth/userinfo.email <br /> https://www.googleapis.com/auth/firebase.database <br /> https://www.googleapis.com/auth/firebase |
+	| Google Perspective | https://www.googleapis.com/auth/userinfo.email |
+	| Google Sheets | https://www.googleapis.com/auth/drive.file <br /> https://www.googleapis.com/auth/spreadsheets |
+	| Google Slide | https://www.googleapis.com/auth/drive.file <br /> https://www.googleapis.com/auth/presentations |
+	| Google Tasks | https://www.googleapis.com/auth/tasks |
+	| Google Translate | https://www.googleapis.com/auth/cloud-translation |
+	| GSuite Admin | https://www.googleapis.com/auth/admin.directory.group <br /> https://www.googleapis.com/auth/admin.directory.user <br /> https://www.googleapis.com/auth/admin.directory.domain.readonly <br /> https://www.googleapis.com/auth/admin.directory.userschema.readonly |

-1. Access your [Google Cloud Console](https://console.cloud.google.com){:targe=_blank .external-link}.
-2. From the hamburger menu select **APIs & Services > Library**.
-3. Search for and select the API(s) you want to enable.
-5. Click on the **ENABLE** button.

 ## Troubleshooting

 ### Google hasn't verified this app

-If using the OAuth authentication method, you might come across the warning **Google hasn't verified this app**. To avoid this, you can create OAuth credentials from the same account you want to authenticate. However, if you're using credentials that were generated by another account (by a developer or another third party), do the following:
+If using the OAuth authentication method, you might see the warning **Google hasn't verified this app**. To avoid this, you can create OAuth credentials from the same account you want to authenticate. However, if you're using credentials that were generated by another account (by a developer or another third party), do the following in Google Cloud:

 1. Click on **Advanced**.
 2. Click on **Go to CREDENTIALS_NAME (unsafe)**. `CREDENTIALS_NAME` is the name of the credentials created by the third party.
@@ -132,10 +182,10 @@ If using the OAuth authentication method, you might come across the warning **Go

 ### Service Account cannot access Google Drive files

-A Service Account can only access Google Drive files and folders that were shared with it's associated user email.
+A Service Account can't access Google Drive files and folders that weren't shared with its associated user email.

-1. Access your [Google Cloud Console](https://console.cloud.google.com){:targe=_blank .external-link} and copy your Service Account email.
-2. Access your [Google Drive](https://drive.google.com){:targe=_blank .external-link} and go to the designated file or folder.
+1. Access your [Google Cloud Console](https://console.cloud.google.com){:target=_blank .external-link} and copy your Service Account email.
+2. Access your [Google Drive](https://drive.google.com){:target=_blank .external-link} and go to the designated file or folder.
 3. Right-click on the file or folder and select **Share**.
 4. Paste your Service Account email into **Add People and groups**.
 5. Select **Editor** for read-write access or **Viewer** for read-only access.