Google:OAuth2 通用#
¥Google: OAuth2 generic
本文档包含创建用于 自定义操作 的通用 OAuth2 Google 凭据的说明。
¥This document contains instructions for creating a generic OAuth2 Google credential for use with custom operations.
Note for n8n Cloud users
For the following nodes, you can authenticate by selecting Sign in with Google in the OAuth section:
先决条件#
¥Prerequisites
- 创建 Google Cloud 账户。
¥Create a Google Cloud account.
设置 OAuth#
¥Set up OAuth
将 n8n 凭据连接到 Google 服务共有五个步骤:
¥There are five steps to connecting your n8n credential to Google services:
¥Create a Google Cloud Console project. 2. 启用 API。
¥Enable APIs. 3. 配置 OAuth 授权页面。
¥Configure your OAuth consent screen. 4. 创建你的 Google OAuth 客户端凭据。
¥Create your Google OAuth client credentials. 5. 完成 n8n 凭据。
创建 Google Cloud Console 项目#
¥Create a Google Cloud Console project
首先,创建一个 Google Cloud Console 项目。如果你已有项目,请跳转至 下一节:
¥First, create a Google Cloud Console project. If you already have a project, jump to the next section:
- Log in to your Google Cloud Console using your Google credentials.
- In the top menu, select the project dropdown in the top navigation and select New project or go directly to the New Project page.
- Enter a Project name and select the Location for your project.
- Select Create.
-
Check the top navigation and make sure the project dropdown has your project selected. If not, select the project you just created.
Check the project dropdown in the Google Cloud top navigation
启用 API#
¥Enable APIs
创建项目后,启用你需要访问的 API:
¥With your project created, enable the APIs you'll need access to:
- Access your Google Cloud Console - Library. Make sure you're in the correct project.
Check the project dropdown in the Google Cloud top navigation - Go to APIs & Services > Library.
- Search for and select the API(s) you want to enable. For example, for the Gmail node, search for and enable the Gmail API.
-
Some integrations require other APIs or require you to request access:
- Google Perspective: Request API Access.
- Google Ads: Get a Developer Token.
Google Drive API required
The following integrations require the Google Drive API, as well as their own API:
- Google Docs
- Google Sheets
- Google Slides
Google Vertex AI API
In addition to the Vertex AI API you will also need to enable the Cloud Resource Manager API.
-
Select ENABLE.
配置 OAuth 授权页面#
¥Configure your OAuth consent screen
如果你之前未在 Google Cloud 项目中使用过 OAuth,则需要执行 配置 OAuth 授权同意页面:
¥If you haven't used OAuth in your Google Cloud project before, you'll need to configure the OAuth consent screen:
- 访问你的 Google Cloud 控制台 - 库。确保你位于正确的项目中。
¥Access your Google Cloud Console - Library. Make sure you're in the correct project.
1 2 | |
- 打开左侧导航菜单,前往“API 和服务”>“OAuth 授权”屏幕。Google 会将你重定向到 Google Auth Platform 概览页面。
¥Open the left navigation menu and go to APIs & Services > OAuth consent screen. Google will redirect you to the Google Auth Platform overview page. 2. 在“概览”选项卡上选择“开始使用”以开始配置 OAuth 授权。
¥Select Get started on the Overview tab to begin configuring OAuth consent. 3. 请输入要显示在 OAuth 屏幕上的应用名称和用户支持邮箱。选择“下一步”继续。
¥Enter an App name and User support email to include on the Oauth screen. Select Next to continue. 4. 对于“受众”,请选择“内部”以允许组织内 Google 工作区的用户访问,或选择“外部”以允许任何拥有 Google 账户的用户访问。更多信息请参阅 Google 的 用户类型文档 文档,了解有关用户类型的信息。选择“下一步”继续。
¥For the Audience, select Internal for user access within your organization's Google workspace or External for any user with a Google account. Refer to Google's User type documentation for more information on user types. Select Next to continue. 5. 选择 Google 用于就你的项目更改与你联系的电子邮件地址。选择“下一步”继续。
¥Select the Email addresses Google should use to contact you about changes to your project. Select Next to continue. 6. 阅读并接受 Google 的用户数据政策。选择“继续”,然后选择“创建”。
¥Read and accept the Google's User Data Policy. Select Continue and then select Create. 7. 在左侧菜单中,选择“品牌”。
¥In the left-hand menu, select Branding. 8. 在“授权域”部分,选择“添加域”。
¥In the Authorized domains section, select Add domain:
-
如果你使用的是 n8n 云服务,请添加
n8n.cloud。¥If you're using n8n's Cloud service, add
n8n.cloud -
如果你使用的是 self-hosting,请添加你的 n8n 实例的域名。
¥If you're self-hosting, add the domain of your n8n instance. 9. 选择页面底部的“保存”。
¥Select Save at the bottom of the page.
创建你的 Google OAuth 客户端凭据#
¥Create your Google OAuth client credentials
接下来,在 Google 中创建 OAuth 客户端凭据:
¥Next, create the OAuth client credentials in Google:
- 访问你的 Google Cloud 控制台。确保你位于正确的项目中。
¥Access your Google Cloud Console. Make sure you're in the correct project. 2. 在“API 和服务”部分,选择 凭据。
¥In the APIs & Services section, select Credentials. 3. 选择“+ 创建凭据”>“OAuth 客户端 ID”。
¥Select + Create credentials > OAuth client ID. 4. 在“应用类型”下拉菜单中,选择“Web 应用”。
¥In the Application type dropdown, select Web application. 5. Google 会自动生成一个名称。将名称更新为你可以在控制台中识别的名称。
¥Google automatically generates a Name. Update the Name to something you'll recognize in your console. 6. 从你的 n8n 凭据中,复制 OAuth 重定向 URL。将其粘贴到 Google 管理中心的“已授权重定向 URI”字段中。
¥From your n8n credential, copy the OAuth Redirect URL. Paste it into the Authorized redirect URIs in Google Console. 7. 选择“创建”。
¥Select Create.
完成 n8n 凭据#
¥Finish your n8n credential
完成 Google 项目和凭据配置后,完成 n8n 凭据配置:
¥With the Google project and credentials fully configured, finish the n8n credential:
- 从 Google OAuth 客户端创建的模态框中,复制客户端 ID。请将以下内容输入到你的 n8n 凭据中。
¥From Google's OAuth client created modal, copy the Client ID. Enter this in your n8n credential. 2. 在同一个 Google 弹窗中,复制客户端密钥。请将以下内容输入到你的 n8n 凭据中。
¥From the same Google modal, copy the Client Secret. Enter this in your n8n credential. 3. 你必须为此凭据提供作用域。有关更多信息,请参阅 作用域。以空格分隔的列表形式输入多个作用域,例如:
¥You must provide the scopes for this credential. Refer to Scopes for more information. Enter multiple scopes in a space-separated list, for example:
1 | |
¥In n8n, select Sign in with Google to complete your Google authentication. 5. 保存新凭据。
¥Save your new credentials.
视频#
¥Video
以下视频演示了上述步骤:
¥The following video demonstrates the steps described above:
作用域#
¥Scopes
Google 服务具有一个或多个可能的访问范围。作用域限制用户可以执行的操作。请参阅 OAuth 2.0 Google API 权限范围 获取所有服务的作用域列表。
¥Google services have one or more possible access scopes. A scope limits what a user can do. Refer to OAuth 2.0 Scopes for Google APIs for a list of scopes for all services.
n8n 不支持所有作用域。创建通用 Google OAuth2 API 凭据时,你可以从下方的“支持的范围”列表中选择范围。如果你输入 n8n 尚不支持的范围,则连接将无法正常工作。
¥n8n doesn't support all scopes. When creating a generic Google OAuth2 API credential, you can enter scopes from the Supported scopes list below. If you enter a scope that n8n doesn't already support, it won't work.
Supported scopes
| Service | Available scopes |
|---|---|
| Gmail |
|
| Google Ads |
|
| Google Analytics |
|
| Google BigQuery |
|
| Google Books |
|
| Google Calendar |
|
| Google Cloud Natural Language |
|
| Google Cloud Storage |
|
| Google Contacts |
|
| Google Docs |
|
| Google Drive |
|
| Google Firebase Cloud Firestore |
|
| Google Firebase Realtime Database |
|
| Google Perspective |
|
| Google Sheets |
|
| Google Slide |
|
| Google Tasks |
|
| Google Translate |
|
| GSuite Admin |
|
故障排除#
¥Troubleshooting
Google 尚未验证此信息应用#
¥Google hasn't verified this app
If using the OAuth authentication method, you might see the warning Google hasn't verified this app. To avoid this:
- If your app User Type is Internal, create OAuth credentials from the same account you want to authenticate.
- If your app User Type is External, you can add your email to the list of testers for the app: go to the Audience page and add the email you're signing in with to the list of Test users.
If you need to use credentials generated by another account (by a developer or another third party), follow the instructions in Google Cloud documentation | Authorization errors: Google hasn't verified this app.
Google Cloud 应用未授权#
¥Google Cloud app becoming unauthorized
For Google Cloud apps with Publishing status set to Testing and User type set to External, consent and tokens expire after seven days. Refer to Google Cloud Platform Console Help | Setting up your OAuth consent screen for more information. To resolve this, reconnect the app in the n8n credentials modal.