Google: OAuth2 generic

This document contains instructions for creating a generic OAuth2 Google credential for use with custom operations.

n8n 云服务用户注意事项

对于以下节点，您可以通过在 OAuth 部分中选择使用 Google 登录来进行身份验证：

• Google 日历
• Google 联系人
• Google 云端硬盘
• Google 邮件
• Google 表格
• Google 表格触发器
• Google 任务

Prerequisites

• Create a Google Cloud account.

Set up OAuth

There are five steps to connecting your n8n credential to Google services:

1. Create a Google Cloud Console project.
2. Enable APIs.
3. Configure your OAuth consent screen.
4. Create your Google OAuth client credentials.
5. Finish your n8n credential.

Create a Google Cloud Console project

First, create a Google Cloud Console project. If you already have a project, jump to the next section:

1. 使用您的 Google 凭据登录到您的 Google Cloud 控制台。
2. 在顶部菜单中，选择顶部导航中的项目下拉菜单并选择新建项目，或直接转到新建项目页面。
3. 输入项目名称并为您的项目选择位置。
4. 选择创建。

5. 检查顶部导航并确保项目下拉菜单已选择您的项目。如果没有，请选择您刚创建的项目。

   

   检查 Google Cloud 顶部导航中的项目下拉菜单

Enable APIs

With your project created, enable the APIs you'll need access to:

1. 访问您的 Google Cloud 控制台 - 库。确保您在正确的项目中。

   

   检查 Google Cloud 顶部导航中的项目下拉菜单

2. 转到 API 和服务 > 库。
3. 搜索并选择您要启用的 API。例如，对于 Gmail 节点，搜索并启用 Gmail API。

4. 某些集成需要其他 API 或需要您请求访问权限：

   • Google Perspective：请求 API 访问权限。
   • Google Ads：获取开发者令牌。

   需要 Google Drive API

   以下集成除了需要自己的 API 外，还需要 Google Drive API：

   • Google Docs
   • Google Sheets
   • Google Slides

   Google Vertex AI API

   除了 Vertex AI API，您还需要启用 Cloud Resource Manager API。

5. 选择启用。

Configure your OAuth consent screen

If you haven't used OAuth in your Google Cloud project before, you'll need to configure the OAuth consent screen:

1. Access your Google Cloud Console - Library. Make sure you're in the correct project.

   

   Check the project dropdown in the Google Cloud top navigation

2. Open the left navigation menu and go to APIs & Services > OAuth consent screen.
3. Select Get started to begin configuring OAuth consent.
4. Enter an App name and User support email to include on the Oauth screen.
5. For the Audience, select Internal for user access within your organization's Google workspace or External for any user with a Google account. Refer to Google's User type documentation for more information on user types.
6. Select the Email addresses Google should use to contact you about changes to your project.
7. Read and accept the Google's User Data Policy and select Create.
8. In the left-hand menu, select Branding.
9. In the Authorized domains section, select Add domain:
   • If you're using n8n's Cloud service, add n8n.cloud
   • If you're self-hosting, add the domain of your n8n instance.
10. Select Save at the bottom of the page.

Create your Google OAuth client credentials

Next, create the OAuth client credentials in Google:

1. In the APIs & Services section, select Credentials.
2. Select + Create credentials > OAuth client ID.
3. In the Application type dropdown, select Web application.
4. Google automatically generates a Name. Update the Name to something you'll recognize in your console.
5. From your n8n credential, copy the OAuth Redirect URL. Paste it into the Authorized redirect URIs in Google Console.
6. Select Create.

Finish your n8n credential

With the Google project and credentials fully configured, finish the n8n credential:

1. From Google's OAuth client created modal, copy the Client ID. Enter this in your n8n credential.
2. From the same Google modal, copy the Client Secret. Enter this in your n8n credential.
3. You must provide the scopes for this credential. Refer to Scopes for more information. Enter multiple scopes in a space-separated list, for example:

   https://www.googleapis.com/auth/gmail.labels https://www.googleapis.com/auth/gmail.addons.current.action.compose
   

4. In n8n, select Sign in with Google to complete your Google authentication.
5. Save your new credentials.

Video

The following video demonstrates the steps described above:

Scopes

Google services have one or more possible access scopes. A scope limits what a user can do. Refer to OAuth 2.0 Scopes for Google APIs for a list of scopes for all services.

n8n doesn't support all scopes. When creating a generic Google OAuth2 API credential, you can enter scopes from the Supported scopes list below. If you enter a scope that n8n doesn't already support, it won't work.

Supported scopes

Service	Available scopes
Gmail	https://www.googleapis.com/auth/gmail.labels https://www.googleapis.com/auth/gmail.addons.current.action.compose https://www.googleapis.com/auth/gmail.addons.current.message.action https://mail.google.com/ https://www.googleapis.com/auth/gmail.modify https://www.googleapis.com/auth/gmail.compose
Google Ads	https://www.googleapis.com/auth/adwords
Google Analytics	https://www.googleapis.com/auth/analytics https://www.googleapis.com/auth/analytics.readonly
Google BigQuery	https://www.googleapis.com/auth/bigquery
Google Books	https://www.googleapis.com/auth/books
Google Calendar	https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/calendar.events
Google Cloud Natural Language	https://www.googleapis.com/auth/cloud-language https://www.googleapis.com/auth/cloud-platform
Google Cloud Storage	https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/cloud-platform.read-only https://www.googleapis.com/auth/devstorage.full_control https://www.googleapis.com/auth/devstorage.read_only https://www.googleapis.com/auth/devstorage.read_write
Google Contacts	https://www.googleapis.com/auth/contacts
Google Docs	https://www.googleapis.com/auth/documents https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/drive.file
Google Drive	https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/drive.appdata https://www.googleapis.com/auth/drive.photos.readonly
Google Firebase Cloud Firestore	https://www.googleapis.com/auth/datastore https://www.googleapis.com/auth/firebase
Google Firebase Realtime Database	https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/firebase.database https://www.googleapis.com/auth/firebase
Google Perspective	https://www.googleapis.com/auth/userinfo.email
Google Sheets	https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/spreadsheets
Google Slide	https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/presentations
Google Tasks	https://www.googleapis.com/auth/tasks
Google Translate	https://www.googleapis.com/auth/cloud-translation
GSuite Admin	https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/admin.directory.domain.readonly https://www.googleapis.com/auth/admin.directory.userschema.readonly

Troubleshooting

Google hasn't verified this app

如果使用 OAuth 身份验证方法，您可能会看到警告Google 尚未验证此应用。要避免这种情况，您可以从您想要进行身份验证的同一账户创建 OAuth 凭据。

如果您需要使用由其他账户（开发者或其他第三方）生成的凭据，请按照 Google Cloud 文档 | 授权错误：Google 尚未验证此应用中的说明操作。

Google Cloud app becoming unauthorized

对于发布状态设置为测试且用户类型设置为外部的 Google Cloud 应用，同意和令牌会在七天后过期。有关更多信息，请参阅 Google Cloud Platform 控制台帮助 | 设置您的 OAuth 同意屏幕。要解决此问题，请在 n8n 凭据模态框中重新连接应用。