Connecting to Google services using custom OAuth client
This article will show you how to create your own project in Google Cloud Console and a custom OAuth client. This is useful for connecting restricted Google services, like Google Drive or Gmail, to Execution Management System..
Note
The following procedure is intended for:
Personal use (@gmail.com and @googlemail.com users)
Internal use (Google Workspace (formerly GSuite) users that prefer to use a custom OAuth client)
Prerequisites:
a Google account
Follow these steps to create a custom OAuth client for Google services:
Sign in to Google Cloud Platform using your Google credentials.
Open the Dashboard, and click the CREATE PROJECT button.
Choose a name for your project, then click Create.
Click Enable APIs and services.
In the Enable APIs and services field, enter the name of the service you want to use (for example, Gmail API, Google Drive API, or YouTube Data API v3).
The desired service option should display as you type. Click the API/service you want to connect to Execution Management System.
Click Enable.
Go to APIs & Services > OAuth consent screen settings, choose the External option, then click Create.
Note
You will not be charged when selecting this option. For more details, refer to Google's Exceptions to verification requirements.
Fill in the required fields as follows:
For OAuth consent screen section:
Application name
Enter the name of the app asking for consent.
For example,
Celonis.User Support Email
Select your email.
Authorized domains
celonis.comDeveloper contact information
Enter your email.
For the Scopes section:
Click the Add or Remove Scopes button to add the required scopes.
Scopes for Google APIs
Enter the required scopes for the Google service you want to connect to Execution Management System by checking the corresponding box for each required scope.
SERVICE/API
REQUIRED SCOPES
Gmail
https://mail.google.com/
https://www.googleapis.com/auth/gmail.labels
https://www.googleapis.com/auth/gmail.send
https://www.googleapis.com/auth/gmail.readonly
https://www.googleapis.com/auth/gmail.compose
https://www.googleapis.com/auth/gmail.insert
https://www.googleapis.com/auth/gmail.modify
https://www.googleapis.com/auth/gmail.metadata
Google Drive
https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/drive.readonly
For the Test Users section:
Note
The Optional Info section is displayed only for non-Google Workspace users and does not contain any required fields.
Warning
This step is required, otherwise, you won't be able to establish a connection with Execution Management System.
Click Add users to add the email address associated with the Google account you want to connect to Execution Management System.
Open the Credentials settings page.
Note
If this is not the first API/SERVICE (Gmail or Google Drive) you have enabled, you don't have to create credentials, as you have already created the credentials previously.
Click + Create credentials, and select the OAuth client ID option.
Fill in the required fields as follows, then click Create.
Application type
Web applicationName
Enter the name you want for your application.
Authorized redirect URIs
Add one of the following URIs:
https://auth.redirect.celonis.cloud/oauth/cb/google-restricted - for Gmail or Google Drive
https://auth.redirect.celonis.cloud/oauth/cb/google/ - for other Google apps
OAuth redirect URI domain
Notice that the redirect URI starts with
https://www.integromat.cominstead ofhttps://www.make.com. This is currently a known issue in Make.Make was formerly called Integromat, which means you can trust this URL as much as any Make URL.
A dialog containing the app's Client ID and Client Secret is displayed.
Go to your Execution Management System Action Flow and choose the Google module you want to use.
Next to Connection, click Add.
Click Show advanced settings.
Enter the Client ID and Client Secret you retrieved in step 14 (above) to the respective fields, then click Continue.
Sign in with your Google account.
The This app isn't verified window appears.
Note
The app = your OAuth client you have created above.
Click Advanced, and then on the Go to Execution Management System (unsafe) link to allow access using your custom OAuth client.
Click Allow to grant Execution Management System permission.
Click Allow to confirm your choices.
You have now established the connection to the desired Google service using a custom OAuth client.
Common Problems
This happens rarely, but when it does, we recommend creating another OAuth client.
If this error message appears, you need to enable the corresponding API in your Google Cloud Platform.
 |
Google has added the required settings for the Consent screen. You'll need to add the email address associated with the Google account you want to connect with Execution Management System as a Test user.
Sign in to the Google Cloud Platform using your Google credentials.
Go to APIs & Services > OAuth consent screen.
In the Test Users section, click Add users to add a test user. Enter the email address associated with the Google account you want to connect with Execution Management System, and click Save.
Now, go to Execution Management System, and connect to the desired Google service.
Your connection has expired and is no longer valid. You need to reauthorize the connection.
This error affects non-Google Workspace accounts. For more details please refer to the Google OAuth documentation.
Solution
Note
Our tests have shown that it is currently possible to set your Publishing Status to In Production to avoid this weekly re-authentication.
In the Google Console click API &Services > OAuth consent screen. Under Publishing status, click Publish App and then Confirm.
Reauthorize your Google connection by following these steps:
Log in to Execution Management System.
Go to Connections.
Find your Google connection and click Reauthorize button.
Note
To prevent the expiration of your Google connection, we suggest you to reauthorize the connection every week.