Get gcp access token
Function: Get GCP Access Token
This function helps you securely connect to various Google Cloud Platform (GCP) services by obtaining a temporary access token. You provide your service account credentials, specify which Google service you want to access (e.g., Google Drive, BigQuery, Gmail), and optionally, if you want to act on behalf of another user. The function then generates an access token that you can use in subsequent actions to interact with the chosen GCP service.
Input
- Service user credentials (Type: OBJECT, Required): This is a special file (usually in JSON format) that contains the security keys for your Google Cloud service account. It tells Google who is trying to access its services. You must provide this.
- Delegated user (Type: STRING, Optional): If your service account needs to perform actions as if it were a specific user within your Google Workspace domain, enter that user's email address here. For example, if the service account needs to create a Google Drive file in a specific user's Drive.
- Scope (Type: SELECT_ONE, Required): This defines what Google service and what level of access the generated token will have. You must choose one from the dropdown list. The default selection is
Drive(full access to Google Drive). Examples include:Bigquery: Access to Google BigQuery data warehousing.Drive: Full access to Google Drive files and folders.Drive \(Read\): Read-only access to Google Drive files and folders.Gmail: Full access to Gmail.Gmail \(Read\): Read-only access to Gmail.Cloud platform: Broad access to many Google Cloud services.- ... and many more options for various Google services like Calendar, Contacts, Photos, YouTube, Docs, Forms, etc.
Output
- Access Token (Type: STRING): This is the actual temporary access token generated by Google. It's a long string of characters that acts like a key, allowing you to make requests to the specified Google service. By default, this token will be stored in a variable named
ACCESS_TOKEN, but you can choose a different name if you prefer.
Execution Flow
Real-Life Examples
Example 1: Accessing Google Drive to manage files
- Inputs:
- Service user credentials:
\{
"type": "service_account",
"project_id": "your-gcp-project-id",
"private_key_id": "...",
"private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
"client_email": "your-service-account@your-gcp-project-id.iam.gserviceaccount.com",
"client_id": "...",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/your-service-account%40your-gcp-project-id.iam.gserviceaccount.com",
"universe_domain": "googleapis.com"
\} - Delegated user: (Leave empty)
- Scope:
Drive(Full access to Google Drive)
- Service user credentials:
- Result: A new variable named
ACCESS_TOKENwill be created, containing a valid token that can be used to create, modify, or delete files and folders in the service account's Google Drive.
Example 2: Reading data from Google BigQuery
- Inputs:
- Service user credentials: (Same JSON structure as Example 1, but for a service account with BigQuery permissions)
- Delegated user: (Leave empty)
- Scope:
Bigquery
- Result: A new variable named
ACCESS_TOKENwill be created, containing a valid token that can be used to query and retrieve data from Google BigQuery datasets that the service account has access to.
Example 3: Sending emails via Gmail on behalf of a user
- Inputs:
- Service user credentials: (Same JSON structure as Example 1, but for a service account with domain-wide delegation enabled and Gmail API permissions)
- Delegated user:
john.doe@yourcompany.com - Scope:
Gmail \(Send\)
- Result: A new variable named
ACCESS_TOKENwill be created, containing a valid token that allows your application to send emails fromjohn.doe@yourcompany.comusing the Gmail API.