Google Service Account and use with iHub Cloud
Service account is used to have system to system communication and is recommended for Google services using iHub.
There is two sides of the setup, one in iHub Cloud and one in Google Console
Google Console
Reference create a service account https://cloud.google.com/iam/docs/service-accounts-create
Goto Google Console
Create a project
Goto API & Services
Click Credentials
Click Create Credentials
Create a Service Account
Click on the Service User
Click Keys, create new
Download the Private Key as JSON
Enable the API that you want to access. example Google Sheets
For Google Docs, Sheets, Presentation etc share the resource with the service account to grant access
iHub Cloud
Goto Credentials
Click Add Credential button
Select JWT, enter a name Google JWT Sheets and click Create
Select RS256 as Algorithm
Google only supports Algorithm RS256
Paste the private key from the JSON file downloaded on step 4 in Google. It must start with
-----BEGIN PRIVATE KEY-----
and include all chars down to-----END PRIVATE KEY-----\n
Note the\n
MUST also be included. No other chars before or after can be added.Edit the claim to be as below, replace
iss
to theclient_email
in the JSON file. Replace or add to the scope property any additional scope using comma.{ "iss": "my-project@my-project.iam.gserviceaccount.com", "aud": "https://oauth2.googleapis.com/token", "iat": {{currentTimeSeconds}}, "exp": {{plus currentTimeSeconds 1200}}, "scope": "https://www.googleapis.com/auth/spreadsheets" }
Uncheck Encode secret with Base64
Clear the field Prefix Header, it must be empty.
Check the Use JWT as scope variable instead of authorization header
Click save
This will now create a JWT token as a scope variable that can be exchange to an access token.
Use {{JWT}}
to use the JWT in the actions.
Â
Exchange JWT to Access token
Goto Integrations in iHub
Click Create Integration button
Click Triggers, select when to trigger the integration, like an issue event
Click Add new action
Give it a name like Exhange JWT to Access Token
Select POST as method
Enter https://oauth2.googleapis.com/token in the URL field
Select Authorization Google JWT Sheets [JWT]
Select the radio button x-www-form-urlencoded
Enter the the following JSON
{ "grant_type":"urn:ietf:params:oauth:grant-type:jwt-bearer", "assertion":"{{JWT}}" }
Click Save
Test the exchange by clicking the play symbol.
View the Execution Log to see the result. If successful you will get a 200 OK with the access token
Use the access token to add a row in a Google Sheets
Click Add new action
Give it a name like Add issue to sheet
Select POST as method
Enter https://sheets.googleapis.com/v4/spreadsheets/{{GOOGLE_SHEET_ID_AS_IN_URL}}/values/A1:append?valueInputOption=RAW in the URL field
Expand headers and add
Key: Authorization and Value: Bearer {{access_token}}
the {{access_token}} will be replaced with the short lived token from the parent response.Enter the the following JSON
{ "values": [ [ "{{issue.key}}", "{{issue.summary}}" ] ] }
Click Save
This will now
Now when ever you create an issue it will trigger the integration, which will create the JWT token and exchange it to a access token. The access token is then used in the child action to perform the append of a row with issue data.
Â
References
https://developers.google.com/identity/protocols/oauth2/service-account#httprest
https://cloud.google.com/endpoints/docs/openapi/troubleshoot-jwt