Migrate Google applications from using the deprecated out-of-band (OOB) workflow

Google Application review applies to public applications and is not necessary for private applications. To use private applications, please use the same email to authenticate in Google Cloud console, and the applicable Google service (e.g., Ads, Analytics, Search Console, etc.).

Create the web application in Google Cloud console.

To determine if you use OOB workflow, check the redirect URI being used. If the redirect URI has one of the following values, then the application is using the OOB workflow.

• redirect_uri=urn:ietf:wg:oauth:2.0:oob
• redirect_uri=urn:ietf:wg:oauth:2.0:oob:auto
• redirect_uri=oob

Note: if you set up the connection for Data Virtuality Logical Data Warehouse connectors in 2021 and earlier, than there is a high chance that the application is using the OOB workflow, as it was the most convenient for the desktop applications.

Navigate to Google Cloud console, APIs & Services, Credentials, or simply click this link: https://console.cloud.google.com/apis/credentials

Select the appropriate project, and click “Create credentials”

Select OAuth Client ID in the credentials type. Pick Web application for the application type and give your application a descriptive name for further reference, e.g. DataVirtualityOAuth

We suggest using Google OAuth Playground (see step 2 for more details), as the most convenient way to receive Google credentials. You are free to create your own redirect URIs and use them, in this case specify them on this step. If you decide to follow the recommendation to use the Google OAuth Playground, specify https://developers.google.com/oauthplayground as a valid redirect URI in the application’s Allowed redirect URIs section. Please don’t confuse this section with the similar one, named Allowed JavaScript origins, which is not applicable to the current process.

You will have the similarly looking configuration:

Click Create. Note the Google warning that application can be created for the duration of up to several hours, however in our experience it takes just a few seconds.

You will get the popup window, which contains the credentials of the new application.

Download JSON to save the credentials securely in the password manager or use copy-and-paste option. Note that the credentials from the screenshot were invalidated before this article was published. Store the credentials securely.

Grant access to your application.

Navigate to the OAuth playground: https://developers.google.com/oauthplayground/

Select the necessary scopes on the left to proceed with the authentication.

• For Google Ads select AdWords API -> https://www.googleapis.com/auth/adwords
• For Google Analytics select Analytics Reporting API v4 -> https://www.googleapis.com/auth/analytics.readonly
• Refer to the applicable connector documentation if you need to figure out the right scopes for the appropriate connector. You can choose all scopes at once and reuse the same credentials for all Google connectors, if all scopes were granted on this step.

Click the gear icon on the right, enable checkbox “Use your own OAuth credentials” at the bottom of the popup window, and paste the credentials created on the following step.

When scopes are selected, and OAuth credentials pasted, click Authorize APIs on the left.

You will be prompted to authenticate with a Google account. This account must have access to the service which you are authenticating, e.g., Ads or Analytics. For private applications this email must be the same email you are using to authenticate in your Google Cloud console.

Agree with the prompt to provide applicable access you your application.

You will be redirected back to the OAuth playground, and the UI will automatically switch to Step 2, and fill the Authorization code. This is a disposable code, which will be valid for only a few minutes, so be sure to go to the next step without a prolonged delay.

Click the button below the code Exchange authorization code for tokens.

A request will be executed, and you will receive the two tokens: Refresh Token and Access Token.

Copy the Refresh token from the field below and store it securely. Refresh tokens start with 1// at time of this writing, however this may change in the future.

Expiration note applies to the access token only and does not apply to the refresh token.

Use the combination of the three values to authenticate the connector for Data Virtuality: Client Id, Client Secret, and the Refresh Token. Leave other credentials unchanged. Be sure to use the right property, when creating the connection. When you export the data source in Data Virtuality, Client Secret and Refresh Token will be exported as encrypted values. In order to submit the unencrypted values, you should not use encryptedProperties parameter. Use connectorOrResourceAdapterProperties instead.