Is there a possibility to realize a 2-legged OAuth v2 Authentication for Google APIs


Ingo

Sep 29, 2015, 5:35:21 AM
to Fujitsu RunMyProcess Developer Community
Hi everyone,

I am trying to build an application in RMP that can access multiple Google Apps of different users in my company. Meaning that I need generic access to multiple Google accounts. For this purpose Google's API offers the possibility to create a so-called Service account, for the purpose of Server-to-Server communication, as described right here: https://developers.google.com/identity/protocols/OAuth2ServiceAccount

To use this I need to generate a JSON Web Token (JWT) and sign it with my private key that I get from Google Dev Console. After I have sent the JWT to Google's OAuth2 Authorization Server, I will receive an access token that allows me to access all the Google APIs in the name of my colleagues (if it is allowed by the admin and within a specified scope). Somehow comparable with an SSH connection where my public key is on the remotely accessed machine.

So is there any possibility to generate this JWT? I mean there is a 2-legged OAuth Scheme option when creating a new Connector/Provider in RMP, but this seems to be for OAuth v1 and not for OAuth v2. And unfortunately it is not possible to put much computational logic in form of a JavaScript in my RMP process. To create the connector by hand, I need to be able to perform cryptographic operations, which is not possible due to the fact that I cannot access remote JS libs without dynamically loading them with a <script src="abc.com/abc.js"></script> tag. Anyways it would be stupid to put the private key as plain text in the web interface of my process.


Do you guys plan to realize an OAuth v2 2-legged auth scheme? Or is there a workaround to solve this problem? I may have missed a possibility or functionality of RMP.

Sorry but I have to stress that: I DON'T want to use the 3-legged Google OAuth v2 Authentication, where Google API is called on behalf of a specific user. ;)


Thanks in advance and kind regards,


Ingo

Bidisha Das

Sep 30, 2015, 9:04:40 AM
to suppor...@runmyprocess.com
Hi,
Please refer to http://docs.runmyprocess.com/API_Reference/FM/Request.html#P_save_oauth2_token for your query. Max size of token should be 64kb. If not, you can split the token and then put the parts in a JSON object to store in the vault.


Let me know if I have misunderstood your requirement.


Thanks & Regards
Bidisha

ingo....@esentri.com

Oct 2, 2015, 6:06:37 AM
to Fujitsu RunMyProcess Developer Community, ingo....@esentri.com
Hi Bidisha,

Thank you very much for your reply. Unfortunately this was not helpful. But in the meantime I found an old thread in Google Groups that discusses exactly my problem:

(see: https://groups.google.com/a/runmyprocess.com/forum/#!msg/supportforum/DfE9yuJtQpc/QqMB526yvdQJ )

It seems that at the moment it is not possible to perform a 2-legged authentication with RMP. Two workarounds are offered:

1. Build a Webapp that creates the JWT and create a custom connector that fetches the token (not really the high security solution)
2. Use an admin account that has access to all Google users, you also need a hardcoded refresh token

I hope I did not get that wrong.

Thanks anyways and kind regards,

Ingo
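
The JWT step described in the first post and in workaround 1, as an added example that is not part of the original thread and not RunMyProcess code: a server-side Node.js helper builds the RS256-signed assertion and the token-request body, so the private key never reaches a web interface. The account names, the scope and the throwaway key pair are constructed for the demo, the helper names are hypothetical, and nothing is sent over the network.

```javascript
// Added example (not from the thread): JWT assertion for a Google service account.
const crypto = require("node:crypto");
const TOKEN_URL = "https://oauth2.googleapis.com/token"; // Google's OAuth 2.0 token endpoint
const GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer";
const b64url = (input) => Buffer.from(input).toString("base64url");

// Build and RS256-sign the assertion. `subject` is the user to act for
// (needs domain-wide delegation granted by the admin); omit it otherwise.
function buildAssertion({ clientEmail, privateKeyPem, scopes, subject, now = Date.now() }) {
  const iat = Math.floor(now / 1000);
  const claims = {
    iss: clientEmail,
    scope: scopes.join(" "),
    aud: TOKEN_URL,
    iat,
    exp: iat + 3600, // assertion lifetime: at most one hour
  };
  if (subject) claims.sub = subject;
  const signingInput =
    b64url(JSON.stringify({ alg: "RS256", typ: "JWT" })) + "." + b64url(JSON.stringify(claims));
  const signature = crypto.sign("RSA-SHA256", Buffer.from(signingInput), privateKeyPem);
  return signingInput + "." + signature.toString("base64url");
}

// Form body to POST to TOKEN_URL (not sent here, so the example runs offline).
function tokenRequestBody(assertion) {
  return new URLSearchParams({ grant_type: GRANT_TYPE, assertion }).toString();
}

// Check a token the way the authorization server would, using only the public key.
function verifyAssertion(jwt, publicKeyPem) {
  const [h, p, s] = jwt.split(".");
  const ok = crypto.verify("RSA-SHA256", Buffer.from(h + "." + p), publicKeyPem, Buffer.from(s, "base64url"));
  return ok ? JSON.parse(Buffer.from(p, "base64url").toString("utf8")) : null;
}

// Constructed demo input: throwaway key pair and made-up account names.
const demoKeys = crypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
  publicKeyEncoding: { type: "spki", format: "pem" },
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
});
const demoJwt = buildAssertion({
  clientEmail: "rmp-connector@example-project.iam.gserviceaccount.com",
  privateKeyPem: demoKeys.privateKey,
  scopes: ["https://www.googleapis.com/auth/calendar.readonly"],
  subject: "colleague@example.com",
});
console.log(tokenRequestBody(demoJwt).slice(0, 80) + "...");
```

In a real deployment the PEM key comes from the service-account key file and is loaded from a secret store on the server; a custom connector would then only ever see the short-lived access token returned by the token endpoint.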

Bidisha Das

Oct 2, 2015, 6:42:38 AM
to suppor...@runmyprocess.com
Hi,
Yes, your understanding is correct. 2-legged OAuth scheme has been deprecated by Google. So, RMP currently uses OAuth 2.0 authentication scheme to integrate with Google.

You may also refer to http://docs.runmyprocess.com/Integration_Guide/OAuth2/Google which is for client-side applications. But anyways you can have some idea. You will need to build your own custom providers & connectors.


Thanks & Regards
Bidisha