integration-service
latest
false
UiPath logo, featuring letters U and I in white
Integration Service User Guide
Automation CloudAutomation Cloud Public SectorAutomation Suite
Last updated Nov 21, 2024

Gmail authentication

Prerequisites

Depending on the authentication type you select, you need one of the following credentials:

  • OAuth 2.0 Authorization code: Your Google email address and the password associated with your Google account.
  • Bring your own OAuth 2.0 app: Your application's Client ID and Client secret, and Scopes.
  • Service account: Service account key, Account email.

If your account is not enabled by Google:

  • Reach out to your administrator for approvals on creating connections.
  • Enable permission by checking the options available to allow creating a connection.

For more information on Gmail, visit the Gmail documentation website.

Scopes

The connector requests the following permissions/scopes:

  • UiPath public app default scopes: openid, https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile, https://mail.google.com/, https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/gmail.settings.basic.
  • Service account default scopes: openid, https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile, https://mail.google.com/, https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/gmail.settings.basic.
  • Bring your own OAuth 2.0 app:
    • Minimal scopes for creating a connection: openid, https://www.googleapis.com/auth/gmail.readonly.
    • Minimal list of scopes required for Gmail triggers:
      • openid, https://www.googleapis.com/auth/gmail.readonly – for event on mailboxes.
      • openid, https://www.googleapis.com/auth/calendar.readonly – for events on calendars.
Note: If you authenticate using Bring your own OAuth 2.0 app, you benefit by default from the scopes configured at app creation. If you want to use the default app permissions, you can declare a common scope. This means you use only the permissions configured for that application. You can also declare additional scopes at connection creation, using the Scopes field. You will then be asked to grant the additional consent during sign-in.

Connecting allows UiPath products to interact with Gmail data on your behalf. This may include read, write, modify and delete data, depending on your Gmail permissions. You can always remove any access in your Google Account.

Add the Gmail connection

  1. Select Integration Service from Automation CloudTM.

  2. From the Connectors list, select Gmail. You can also use the search bar to find the connector.
  3. Select the Add connection button.
  4. You are now redirected to the connection page. Select your preferred authentication type.

    If you select Bring your own OAuth 2.0 app, you must provide a Client ID and Client secret, and the Scopes you may need to interact with different activities. Check out the activities' documentation to see what scopes they require.

  5. Your connection has been added.

Bring your own OAuth 2.0 app

In Integration Service, when creating a connection to one of our Google API-based connectors, you can choose between two authentication options:
  • OAuth 2.0 Authorization code – which connects to the UiPath public application.

  • Bring your own OAuth 2.0 app – which connects to a private application you create.

To learn how to create an application, go to Google's official documentation and follow the described steps: Authentication – Sign In with Google for Web.

  • When configuring your application, set the Authorized redirect URIs field to: https://cloud.uipath.com/provisioning_/callback
Configuring Scopes

When you create a connection using Bring your own OAuth 2.0 app, you have to option to customize application scopes.

Refresh tokens for OAuth applications

Google has refresh token limitations for individual OAuth 2.0 client IDs. If the limit is reached, creating a new refresh token automatically invalidates the oldest refresh token without warning. This limit does not apply to service accounts (see Using OAuth 2.0 for Server-to-Server Applications). For more information, see Google's official documentation.

A list of reasons which can cause token expiry:
  • You have revoked your app's access.
  • The refresh token has not been used for six months.
  • You need to change passwords and the refresh token contains Gmail scopes.
  • Your account has exceeded a maximum number of granted (live) refresh tokens.
    • If you request a new token after the limit is exceeded, your old connection, based on a previously granted token, will expire. Only the new connection or the latest edited/reauthenticated connection (with the latest token) will work.
  • An admin has set any of the services requested in your application's scopes to Restricted (the error is admin_policy_enforced).
  • For Google Cloud Platform APIs: the session length set by the admin could have been exceeded.
Note: The limit is currently set to 100 refresh tokens per Google account per OAuth 2.0 client ID. This number can be subject to change. For the latest information, always check the Google documentation.

There is a larger limit on the total number of refresh tokens a user account or service account can have across all clients. Regular users won't exceed this limit, but a developer account used to test an implementation might.

To make sure this limit is not exceeded, UiPath offers users the ability to create their own OAuth applications and connect using the Bring your own app authentication type. Make sure to follow the best practices from Google when creating your OAuth application. For details on how to create an OAuth application, see Google's official documentation.

Warning: Token invalidation results in failed connections and automations are unable to run without fixing connections.

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.