Question

How to create OAuth credentials and authorize Gmail in FME Server?

  • 30 June 2017
  • 6 replies
  • 27 views
D

I have posted a workspace to FME Server that uses the Emailer transformer.

In the desktop version I have used Gmail as the email service and everything works fine from FME Desktop 2017.

When the workspace is published to FME Server, the Gmail account in the Web Connections needs to be authorized. Under Web Connections, I went to Manage Web Service and selected the Google Gmail service. This is asking for a Client id, Client Secret and Redirect URI.

My understanding is that I need to associate the Gmail API with my Gmail account and create the OAuth parameters from Google Developers Console. https://console.developers.google.com

In the Google Console I did the following steps:

1. Created a new project (mine is called fmecloud).

2. Went to API Manager page and selected, Enable API and selected the Gmail API.

3. Selected 'Create Credentials' and then "OAuth client ID'.

4. For Application Type, selected 'Other' and named it fmecloud.

This generated an OAuth client id and client secret. I selected OK and then downloaded the JSON file which contains the client_id, client_secret and redirect_uris. I then went back to the Manage Web Service page in FME Server, selected the Gmail service and copied in the values.

From the Web Connections page, I selected my Gmail account and Authorize which took me to a login page where I entered my Gmail password. This returned a code with instructions to "switch to your application and paste it there".

Where are you supposed to paste this code?

6 replies

fmelizard
Rank
Userlevel 4
Badge +13

Hi @davebranson Thanks for askign this.

 

 

I think that everything is going well up to step 4. I think here we need to select 'Web Application' rather than other. Here you can enter in the Redirect URI which should be something like:
<name_of_instance>-<name_of_account>.fmecloud.safe.com/fmeoauth

See here for a general approach 

0684Q00000ArLDbQAN.png

The Authorized JavaScript origins can be left blank

Hitting Create will give you the client secret and the client Id.

Now you should have all the details you need for the connection in FME Cloud.

0684Q00000ArLLfQAN.png

Maybe @GerhardAtSafe can add something here if I've missed anything out. 

G
Badge

Hi @davebranson Thanks for askign this.

 

 

I think that everything is going well up to step 4. I think here we need to select 'Web Application' rather than other. Here you can enter in the Redirect URI which should be something like:
<name_of_instance>-<name_of_account>.fmecloud.safe.com/fmeoauth

See here for a general approach 

0684Q00000ArLDbQAN.png

The Authorized JavaScript origins can be left blank

Hitting Create will give you the client secret and the client Id.

Now you should have all the details you need for the connection in FME Cloud.

0684Q00000ArLLfQAN.png

Maybe @GerhardAtSafe can add something here if I've missed anything out. 

Hi @MattAtSafe,

 

this looks great. If client ID, client secret & redirect URI match the Web Connection will work.
D

I have created new credentials using the web application selection instead.

This time I also inserted the Redirect URI into the credentials using the format ...

https://fieldtrace-fieldtraks.fmecloud.safe.com/fmeoauth

When I attempt to authorize the account I get the following error ...

What did I miss?

G
Badge

Hi @davebranson,

the link in the error page that you see will bring you to the OAuth Developer Verification Form. According to what I read on Google, this is a security measure that is needed for some specific scopes of Google and using the Gmail API is one of them. So right now, it seems like the Gmail web connection can not be used on FME Server without submitting this form or joining the Google Group 'Risky Access Permissions By Unreviewed Apps' with the accounts you want to test the Gmail API. We will do some testing regarding this and I will let you know if there is a workaround.

D

Through a lot of trial and error I was able to get it working, however because I tried so many different paths I'm not sure how to direct someone to replicate it.

What seems to have worked was to:

1. go the Google IAM & Admin page and create a Google Cloud Organization.

2. Added our web site domain as the IAM domain address and created a new email address.

3. Set up permissions by downloading a HTML file and posting it to our website for verification.

4. Added my personal Gmail account as a member.

5. Created a new project (ie., fmecloud) and went through the steps outlined above to create a new client ID & client secret.

The steps for creating the Google project and enabling the Gmail API are complicated so if someone could outline a step by step guide it would really help.

One item above that I believe is an error, is the redirect URI.

I believe that:

<name_of_instance>-<name_of_account>.fmecloud.safe.com/fmeoauth

should be the FME Server address (not the console address):

<name_of_instance>-<name_of_account>.fmecloud.com/fmeoauth

G
Badge

Through a lot of trial and error I was able to get it working, however because I tried so many different paths I'm not sure how to direct someone to replicate it.

What seems to have worked was to:

1. go the Google IAM & Admin page and create a Google Cloud Organization.

2. Added our web site domain as the IAM domain address and created a new email address.

3. Set up permissions by downloading a HTML file and posting it to our website for verification.

4. Added my personal Gmail account as a member.

5. Created a new project (ie., fmecloud) and went through the steps outlined above to create a new client ID & client secret.

The steps for creating the Google project and enabling the Gmail API are complicated so if someone could outline a step by step guide it would really help.

One item above that I believe is an error, is the redirect URI.

I believe that:

<name_of_instance>-<name_of_account>.fmecloud.safe.com/fmeoauth

should be the FME Server address (not the console address):

<name_of_instance>-<name_of_account>.fmecloud.com/fmeoauth

Hi @davebranson

 

You are right it should be the Server address: .fmecloud.com/fmeoauth

 

Reply


Community Stats

28,707
Posts
109,478
Replies
36,551
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.