More Information

This section provides additional information on the Google Authorization SDK.

• Prerequisites: Desktop agent version must be equal to or greater than 3.16.X and Google Authorization SDK version must be equal to or greater than 1.38.X to fix scope issues for Gmail.

• If the Authorize Google (OAuth Client ID) activity is used, the scope https://www.googleapis.com/auth/userinfo.email is included implicitly to get email ID of the authorized user.

• If the Authorize Google (OAuth Client ID) activity is used for unattended scenarios, the storeRefreshToken must be set to true as part of the activity's input parameters. Note that each unique combination of the userEmail, scopes, and client_id (present in the file specified in the clientCredentialFilePath) is considered different and requires a separate authorization.

• If the storeRefreshToken is set to true as part of the Authorize Google (OAuth Client ID) activity's input parameters, it stores the refresh token corresponding to the userEmail, scopes, and client_id (present in the file specified in the clientCredentialFilePath) in the Windows Credential Manager under Generic Windows Credentials starting with the prefix SPA_OAuth_Google_. This record will be removed when "Remove SAP Intelligent RPA credentials." option is selected during the uninstallation of the SAP Build Process Automation Desktop Agent.

• If domain-wide delegation is enabled for a service account in Google Cloud Platform (GCP), the bot can access the data of any user who belongs to the domain. This is the behavior defined by Google.

• The service account key file must be a valid JSON file downloaded from the GCP dashboard. The P12 file format is not supported.

• Scopes must be selected for Google products requested in the bot.

  • GmailScope: 'https://www.googleapis.com/auth/gmail.modify'

  • GoogleSheetsScope: 'https://www.googleapis.com/auth/spreadsheets'

  • GoogleDriveScope: 'https://www.googleapis.com/auth/drive'

  • GoogleCloudPlatformScope: 'https://www.googleapis.com/auth/cloud-platform'

  • GoogleCalendarScope: 'https://www.googleapis.com/auth/calendar'

• While using the activity from a specific module of the SDK, the corresponding scope will be added to the authorized activity. For example, for Gmail activities, include Gmail Scope in the authorization activity.

• User Email must be provided where data to be worked on belongs to individual users. For this, the domain-wide delegation must be enabled, and all scopes are required to be added to Google Admin Console. For more details, refer to the following link.

• The Desktop Agent executes automation. Therefore, automation with activities related to Google-related SDKs tries to contact Google services via the configured proxy. The configured proxy can use different types of authentications like basic password authentication, NTLM, Kerberos, and so on. With Desktop Agent 3, Google-related automation works fine even when the Desktop Agent is present behind a proxy. You must note that this is not supported with Desktop Agent 2. If the configured proxy uses basic authentication, it’s not guaranteed that Desktop Agent 2 can run the automation successfully.