Ask AI
Skip to main content

Get gcp access token

Function: Get GCP Access Token

This action allows your application to securely obtain an access token for Google Cloud Platform (GCP) services. You can use this token to authenticate and interact with various Google APIs, such as BigQuery, Google Drive, Gmail, and more, without needing to handle complex authentication flows yourself. It's particularly useful when your application needs to perform actions on behalf of a service account or impersonate a specific user within your Google Cloud environment.

Input

  • Service user credentials (OBJECT): This is a required input. It's an object containing the authentication details for your GCP service account. This typically comes from a JSON key file downloaded from your Google Cloud Console.
  • Delegated user (STRING): This is an optional input. If your service account has domain-wide delegation enabled, you can provide the email address of a user you wish to impersonate. The access token will then grant permissions as if that user were performing the action.
  • Scope (SELECT_ONE): This is a required input. It defines the specific Google API services and the level of access (e.g., read-only, full access) that the generated access token will have. You must select one from the provided list of options.
    • Default Value: Drive

Output

  • Access Token (STRING): The generated access token. This token is a temporary credential that grants access to the specified Google Cloud services. It will be stored in a variable. By default, this variable will be named ACCESS_TOKEN, but you can choose a different name when configuring the action.

Execution Flow

Real-Life Examples

Example 1: Accessing Google Drive to manage files

Imagine you have an application that needs to automatically upload reports to a specific folder in Google Drive.

  • Inputs:
    • Service user credentials: 
      \{
        "type": "service_account",
        "project_id": "your-project-id",
        "private_key_id": "...",
        "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
        "client_email": "[email protected]",
        "client_id": "...",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/your-service-account%40your-project-id.iam.gserviceaccount.com"
      \}
    • Delegated user: (Leave empty)
    • Scope: Google drive
  • Result: An access token is generated and stored in a variable named ACCESS_TOKEN. This token can then be used in subsequent actions to upload, download, or manage files in Google Drive.

Example 2: Reading data from Google BigQuery for analytics

Your business intelligence dashboard needs to fetch fresh data from a Google BigQuery dataset every hour.

  • Inputs:
    • Service user credentials: (Your BigQuery service account JSON key) 
      \{
        "type": "service_account",
        "project_id": "analytics-project-123",
        "private_key_id": "...",
        "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
        "client_email": "[email protected]",
        "client_id": "...",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/bigquery-reader%40analytics-project-123.iam.gserviceaccount.com"
      \}
    • Delegated user: (Leave empty)
    • Scope: Bigquery
  • Result: An access token is generated and stored in a variable named BIGQUERY_TOKEN. This token can then be used by another action to query your BigQuery datasets and retrieve the latest analytical data.

Example 3: Sending emails via Gmail on behalf of a user

You have an automated workflow that sends personalized email notifications to customers. The emails should appear to come from a specific support agent's Gmail account.

  • Inputs:
    • Service user credentials: (Your service account JSON key with domain-wide delegation enabled) 
      \{
        "type": "service_account",
        "project_id": "email-automation-456",
        "private_key_id": "...",
        "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
        "client_email": "[email protected]",
        "client_id": "...",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/email-sender%40email-automation-456.iam.gserviceaccount.com"
      \}
    • Delegated user: [email protected]
    • Scope: Gmail \(Send\)
  • Result: An access token is generated and stored in a variable named GMAIL_SEND_TOKEN. This token, when used with a Gmail API action, will allow your application to send emails that appear to originate from [email protected].