Adapter Online Help > TDV Google Drive Adapter > Using OAuth Authentication > Custom Credentials
 
Custom Credentials
Authenticate with a User Account
Desktop Authentication with a Custom OAuth App
Follow the steps below to authenticate with the credentials for a custom OAuth app. See Creating a Custom OAuth App.
Get and Refresh the OAuth Access Token
After setting the following, you are ready to connect:
OAuthClientId: Set this to the client Id assigned when you registered your app.
OAuthClientSecret: Set this to the client secret assigned when you registered your app.
CallbackURL: Set this to http://localhost.
InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.
When you connect the adapter opens the OAuth endpoint in your default browser. Log in and grant permissions to the application. The adapter then completes the OAuth process:
1. Extracts the access token from the callback URL and authenticates requests.
2. Refreshes the access token when it expires.
3. Saves OAuth values in OAuthSettingsLocation to be persisted across connections.
Authenticate with a Service Account
Service accounts have silent authentication, without user authentication in the browser. You can also use a service account to delegate enterprise-wide access scopes to the adapter.
You need to create an OAuth application in this flow. See Creating a Custom OAuth App to create and authorize an app. You can then connect to Google Drive data that the service account has permission to access.
After setting the following connection properties, you are ready to connect:
InitiateOAuth: Set this to GETANDREFRESH.
OAuthClientId: Set this to the Client Id in your app settings.
OAuthClientSecret: Set this to the Client Secret in your app settings.
OAuthJWTCertType: Set this to "PEMKEY_FILE".
OAuthJWTCert: Set this to the path to the .pem file you generated.
OAuthJWTCertPassword: Set this to the password of the .pem file.
OAuthJWTCertSubject: Set this to "*" to pick the first certificate in the certificate store.
OAuthJWTSubject: Set this to the email address of the user for whom the application is requesting delegate access. Note that delegate access must be granted by an administrator.
When you connect the adapter completes the OAuth flow for a service account.
1. Creates and signs the JWT with the claim set required by the adapter.
2. Exchanges the JWT for the access token.
3. Saves OAuth values in OAuthSettingsLocation to be persisted across connections.
4. Submits the JWT for a new access token when the token expires.