Google Login Connector

The Google Login connector authenticates users with Google and retrieves user attributes for use in DaVinci flows.

Setup

Resources

You can find more information and setup help in the following:

DaVinci documentation:

Requirements

To use the connector, you’ll need:

A Google account.

Configuring Google as an IdP

Before configuring the Google Login connector in DaVinci, register the application in the Google API Console and collect the values that Google generates to configure Google as an identity provider (IdP).

You’ll complete two tasks in the Google API Console:

Registering the application with Google
Enabling the Google People API

Registering the application with Google

When you register your application, Google generates an App ID and App Secret for the application. You’ll need these values to connect the application to DaVinci.

Steps

Go to the Google API Console.

If you haven’t created a Google account, you can do so now.
In the Projects list, select a project or create a new one.
On the left, click Credentials.
Click Create credentials, then select OAuth client ID.

If you’re prompted to configure an OAuth consent screen with information about your application, you can do that now.
Select the appropriate application type for your project and enter the following information:
- Name: The name of the OAuth client ID, not the display name of the application.
- Authorized JavaScript origins: The origin URI of the client application, for use with requests from a browser.
- Authorized redirect URIs: The path in your application that users are redirected to after they authenticate with Google. This is your DaVinci Redirect URL: https://auth.pingone.com/[companyID]/davinci/oauth2/callback.
Click Create.
On the OAuth client page, copy the client ID and client secret to a secure location.

You can always access the client ID and client secret from the Credentials page in the API Console.

Next steps

Learn more in Manage OAuth Clients in the Google Cloud Platform Console Help documentation.

Enabling the Google People API

You must enable the Google People API if it’s not enabled already.

Steps

Go to the Google API Console.
In the Projects list, select a project or create a new one.
On the left, click Library.
Locate the Google People API.

If you need help finding the API, use the search bar.
Click Enable.

Next steps

Learn more in Enable and disable APIs in the Google API Console Help documentation.

Add the connector in DaVinci as shown in Adding a connector, then configure it as follows.

Connector configuration

Use the values from Google to populate the connector’s general properties.

Property Description

Property	Description
DaVinci Redirect URL	`https://auth.pingone.com/[companyID]/davinci/oauth2/callback`
Issuer URL	`https://accounts.google.com`
Authorization Endpoint	`https://accounts.google.com/o/oauth2/auth`
Token Endpoint	`https://oauth2.googleapis.com/token`
UserInfo Endpoint	`https://www.googleapis.com/oauth2/v3/userinfo`
App ID	The Client ID that you copied earlier from the IdP. You can find this information on the Credentials page in the Google API Console.
Client Secret	The client secret that you copied earlier from the IdP. You can find this information on the Credentials page in the Google API Console.
Scope	The default scopes are `openid email profile`. Add additional scopes if you want to retrieve additional attributes that require specific permissions from Google.
Application Return to URL	The URL of the app that embeds the DaVinci flow. If you’re using redirect, leave this blank.

DaVinci Redirect URL

https://auth.pingone.com/[companyID]/davinci/oauth2/callback

Issuer URL

https://accounts.google.com

Authorization Endpoint

https://accounts.google.com/o/oauth2/auth

Token Endpoint

https://oauth2.googleapis.com/token

UserInfo Endpoint

https://www.googleapis.com/oauth2/v3/userinfo

App ID

The Client ID that you copied earlier from the IdP. You can find this information on the Credentials page in the Google API Console.

Client Secret

The client secret that you copied earlier from the IdP. You can find this information on the Credentials page in the Google API Console.

Scope

The default scopes are openid email profile. Add additional scopes if you want to retrieve additional attributes that require specific permissions from Google.

Application Return to URL

The URL of the app that embeds the DaVinci flow. If you’re using redirect, leave this blank.

Attributes

On the Attributes tab, review the default attributes available from Google and define additional attributes when Google includes them in the ID token returned for the application.

Attribute mapping

On the Attribute Mapping tab, map the following default Google attributes to the DaVinci attributes:

Google Login Attributes DaVinci Attributes

Google Login Attributes	DaVinci Attributes
`sub`	`username`
`givenName`	`firstName`
`familyName`	`lastName`
`email`	`email`

sub

username

givenName

firstName

familyName

lastName

email

Using the connector in a flow

Redirecting users to Google

A screen capture of the Google redirect flow.

This flow redirects the user to Google for authentication. After the user signs in, DaVinci automatically completes the token exchange and returns identity claims to the flow for downstream logic.

Test the flow by clicking Save, Deploy, and Try Flow.

Capabilities

Google Login

Show details

Properties
Output Schema

Display Name button
showPoweredBy toggleSwitch
skipButtonPress toggleSwitch

output object
- at_hash string
- aud boolean
- azp boolean
- email string
- email_verified boolean
- exp number
- family_name string
- given_name string
- hd string
- iat number
- iss string
- locale string
- name string
- picture string
- sub string

Output Example

{
  "at_hash": "ISKFDARoPOftzcYcXWjDuw",
  "aud": "470515226752-ffprd36ul6trmb0gmcjv24jlv5v54efn.apps.googleusercontent.com",
  "azp": "470515226752-ffprd36ul6trmb0gmcjv24jlv5v54efn.apps.googleusercontent.com",
  "email": "johndoe@example.com",
  "email_verified": true,
  "exp": 1603874413,
  "family_name": "Doe",
  "given_name": "John",
  "hd": "example.com",
  "iat": 1603870813,
  "iss": "https://accounts.google.com",
  "locale": "en",
  "name": "John Doe",
  "picture": "https://lh3.googleusercontent.com/a-/imagehash",
  "sub": "123456789012345678901"
}

Get User Info from Google

Show details

Properties
Output Schema

Display Name button
showPoweredBy toggleSwitch
skipButtonPress toggleSwitch

output object
- at_hash string
- aud boolean
- azp boolean
- email string
- email_verified boolean
- exp number
- family_name string
- given_name string
- hd string
- iat number
- iss string
- locale string
- name string
- picture string
- sub string

Output Example

{
  "at_hash": "ISKFDARoPOftzcYcXWjDuw",
  "aud": "470515226752-ffprd36ul6trmb0gmcjv24jlv5v54efn.apps.googleusercontent.com",
  "azp": "470515226752-ffprd36ul6trmb0gmcjv24jlv5v54efn.apps.googleusercontent.com",
  "email": "johndoe@example.com",
  "email_verified": true,
  "exp": 1603874413,
  "family_name": "Doe",
  "given_name": "John",
  "hd": "example.com",
  "iat": 1603870813,
  "iss": "https://accounts.google.com",
  "locale": "en",
  "name": "John Doe",
  "picture": "https://lh3.googleusercontent.com/a-/imagehash",
  "sub": "123456789012345678901"
}

Connectors

Google Login Connector

Setup

Resources

Requirements

Configuring Google as an IdP

Registering the application with Google

Steps

Next steps

Enabling the Google People API

Steps

Next steps

Configuring the Google Login connector

Connector configuration

Attributes

Attribute mapping

Using the connector in a flow

Redirecting users to Google

Capabilities

Google Login

Get User Info from Google