In my project, I am using google workspace scope activity in both initialization and End state. I am using OAuth client ID and client secret from the client which was stored in windows credential manager and I am able to successfully retrieve and pass them to google workspace scope. The problem here is even though I have maintained same authentication scopes for all the google workspace scope, it is asking for re-authentication every time google workspace activity comes up. Ideally it is overwriting the token.
P.S: I cannot use the integration service and service account key as restricted by client environment. GS activity version = 3.1.21
Ideally for client id and secret auth you would not have any window pop up..it would come only for interactive sign in..can you show some screenshots of your scope please
It is asking for me to authenticate using google credentials, how it asks first time authentication to click on Allow but every time it is asking for this authentication.
The OAuth Client ID method works with all Google Workspace services; however, it’s recommended for attended automation because user consent is required before the robot can access the Google account.
If the Authorization Token isn’t refreshed for a certain number of days, it expires, and you must re-authenticate. To avoid the expiration of authorization tokens, run a robot with that specific connection. Running an automation with the Scope activity refreshes the authorization token.
The solutions will be:
Use Service account key
Use API Key
Use Integration Service for Automation Suite or Automation Cloud
But give a try for below also:
If OAuth needs to be used in Unattended automation and by different programs, then the following setup needs to be used across all programs:
DataStoreLocation = Orchestrator in the GSuite Application Scope activity. The token generated can be accessed by all users with rights to the folder.
OrchestratorFolderPath value should be the same for all the programs.
The following values should be the same in the ‘GSuite Application Scope’ activity for all the programs using the OAuth token:
Scopes (Manually select the scopes instead of Auto to ensure the scopes are the same)
Client ID-Client Secret
User
In the above setup, when the program is run for the first time, the prompt for User Consent is encountered. When consent is granted, the authorization token will be generated in the Orchestrator folder. All users with rights to the folder will have access to this token.
During subsequent executions, the program searches for an existing token using a hash of the ClientID-ClientSecret and User fields. If a match is found, the user consent prompt is not thrown and the authorization code in the Orchestrator folder is used.
We are running bot in attended mode. when it asks I gave authentication for first time for the GWS activity in initialization but when it comes to the End state there is another GWS activity which we have used to send email(So here it is asking for the consent again). In the intialization state itself I have given the required drive, mail, sheets in authentication scope.
I am using same scope for in End state as well but when I run this BOT for subsequent runs it is asking me for authentication/consent again after the first time consent has given.
P.S: I am using same client ID and client secret which was present in windows credentials, I am pulling those from Get secure credential activity and using the same. Connection Data Store location = Local Disk
I want to avoid the authentication consent for subsequent runs.
hey @Anil_G
I got your point but in Initialization state I am using Drive and Sheets related activities where as I am using Mail activities in End state. So as I can see there is no https://www.googleapis.com/auth/drive scope for in End state because it is automatically detecting in authentication scope, if I remove the drive scope in Init state that my drive activities won’t work.
That’s where I am confused what and all authentication scopes that I have to maintain in all the GWS activity as same to use G-drive activities, Mail activities, Sheet activities inside GWS.
add both mail and drive scopes in both the scopes so that the scope would not change..and as both scopes are present even if you dont use mail in first and drive in second it would still work..having extra scope would not cause any issue
