Google Drive

Google Drive Folder Ids

Google Drive folders usually display the ID in the url while looking at them in the browser. The root folder ("My Drive") does not show its ID, however. In order to retrieve it, you will need to create a Content Service Connection and use it to retrieve the id using the following url in your browser.

simflofy-admin/api/repo/{googleConnectorId}/rootfolderid

---

Authentication Connection

There are currently two ways to connect to Google Drive. OAuth and Java Web Token. Both require creating a project and enabling the Google Drive API for that project.

First Step: Enabling Google APIS

Creating your Google Project

Navigate to Google Cloud Console and sign in with your organizational Google account.

Type in the name of your project such as "Simflofy". Then click Create

Enabling APIs

Go to the following link and click select for your project from the dropdown, then click Continue.

Next, click on libraries. Then select APIs.

In the next screen, search for "Google Drive" and click "Google Drive API" from the search results.

Then, click Enable.

Google Drive OAuth Connector

Use this method if you wish to authenticate as a specific user to access files and folders.

1. Navigate to the Google Cloud Console and sign in with your organizational Google account,
2. Select your project from the list.
3. Click APIs and Services in the sidebar.

You will now need to create an OAuth Consent Screen that will display when users attempt to authenticate using the app:

Setting up the OAuth Consent Screen

1. Click OAuth consent screen in the sidebar
2. Set user type to External
3. Set your Publishing Status to Testing
4. Set your app name. It can be whatever you wish unless...
   1. If you intend to use the Google Vision Text Extractor name the application *Simflofy-VisionTextExtractor/1.0** as that will affect the outcome of the vision tasks (Though those will only work if your project has a linked billing account and billing enabled).
5. Set the support email as the one you used to log in
6. At the bottom, fill in the support email address.
   1. The support email will be the email the user is directed to when they're directed to authorize Simflofy to transfer data.
7. Click Save and Continue
8. Set up scopes:

Click Add Scope and check

../auth/drive

Google Vision Scopes

If you intend to use Google Vision add the following scopes

../auth/cloud-platform ../auth/cloud-vision

Creating OAuth Credentials

1. Return to the APIs and Services Dashboard
2. Click Credentials
3. Click Create Credentials
4. Click OAuth Client Id
5. On the next screen, select Web Application
6. Give the credentials a name
7. Under Authorized Redirect URIs, add the following

http://{SIMFLOFY_SERVER}/simflofy-admin/authconn/oauthcb

Example. If you're running Simflofy on a local machine

http://localhost:8080/simflofy-admin/authconn/oauthcb

Loop back IP

127.0.0.1 will not work, but localhost will

8. Click Create
9. Your new credentials will appear under OAuth 2.0 Client IDs. Click the Download button on the right and retrieve the Client ID and Client Secret from the downloaded json file.

Creating your connector in Simflofy

1. Go to Connections > Authentication
2. Click Create new Authentication Connection
3. Select Google OAuth Connector
4. Fill in your client id and secret, then click Authenticate
5. You will be taken to the OAuth Consent Screen you set up earlier, click Allow
6. You will be returned to Simflofy, click Save

Completed Checklist

Ensure that you have all the following with your Google project:

• A Google Drive API listed in your dashboard under APIs and Services
• If using Vision Tasks: A Cloud Vision API listed in your dashboard under APIs and Services
• A Web Application OAuth 2.0 Client, listed under Credentials of your project.
  • This should have an authorized redirect URI with the following format: {SIMFLOFY_SERVER}/simflofy-admin/authconn/oauthcb
• A filled out OAuth consent form page with:
  • The ApplicationName " Simflofy-VisionTextExtractor/1.0 " if using Vision Tasks
  • A support email to be used on the consent screen
  • The email, profile, openid, ../auth/drive
    • If using Vision Tasks ../auth/cloud-vision, ../auth/cloud-platform
• In Simflofy, a Google OAuth Connector using the secret key and ID from your credentials you created, and the token fields are now populated.

Google Drive JWT Connector

Use this method if you wish to create a service user to interact with the data.

Creating The Service Account

1. Go to the APIs and Services Dashboard
2. Click Credentials
3. Click Create Credentials
4. Select Service Account
5. You will be asked you to assign roles to the account. Since we need wide-ranging access for now, we should choose Owner. This can be changed later.

6. The final screen invites other users to access this service account through their own service account portals. Use as needed for your organization.

7. Click DONE. You will be taken back to the service account list for the project.

Service Account Email Address

Make note of the email address of this user. Any folders or Shared Drives you wish to migrate will need to be shared with this user.

8. Click on the three dots under Actions, then click Manage Keys

9. Click ADD KEY then Create New Key, then select JSON

10. Click Create. You will download a json file to be used in the next step.

Creating your JWT Auth Connector in Simflofy

1. Go to Connections > Authentication
2. Create a Google JWT Auth Connector
3. Paste the content of that json file into the text box.
4. Click Save.

---

Discovery Connector

• Authentication Connection: The Google Drive authentication connection you want to use.
• Folder ID: The ID of the folder you wish to crawl.
• Shared Drive ID: If this is a shred drive, put the ID here.

---

Integration Connection

This is used to store and write content alongside its metadata to Google Drive.

• Connection Name: This is a unique name given to the connector instance upon creation.
• Description: A description of the connector to help identify it better.
• Authentication Connection: Your Google Drive Auth Connection

---

Job Configuration

Query (Repo)

• Query: A query written using Google Drive's query language
  • Not compatible with Folder ID list
• Crawl Queried Folders: If a queried object is a folder, crawl it.
• Folder / File Id's: A comma delimited list of IDs to retrieve or crawl
  • Completely overrides query
• This is a Shared Drive: Check if this is a shared drive in a Google Workspace
• The id of the shared drive: Required to crawl the drive. Can be found in the URL at the root of the drive
• Process Folders: Add folders to the document queue for processing
• Get Versions: Will retrieve available revisions. Note that Google Drive does not keep all revisions of a document.
• Get Permissions: Will retrieve permissions for each object, where available.

Output Specification

• Output Folder ID: ID of the target folder, can be retrieved through the Google Drive UI
• Include Un-Mapped Properties: If selected, all available properties will be added output file. Otherwise, only mapped properties will be included.
• This is a Shared Drive: Check if this is a shared drive in a Google Workspace
• The id of the shared drive: Required to crawl the drive. Can be found in the URL at the root of the drive
• Do not update property values if file already exists: Since there is only one set of metadata per document (not per revision), this will allow you to skip mappings if the document already exists
• Process permissions: Will take the ACL list of the document and attempt to apply these permissions in Google Drive.
• Notify users via email when they are added to a file: If a permission is successfully added, an email will be sent to the user.

Revisions (Versions)

If a document of the same name exists within a parent folder, the connector will attempt to create a new revision of the document, instead of uploading a new one. These revisions have the keepRevisionForever flag set to true, meaning Google Drive will not delete them automatically, as it does with most revisions. A document can have a maximum of 200 revisions.

Permissions

If the permission list is set on a document by the repository connection, Drive will attempt to set these permissions. It expects these permissions in the form `principal=permissions`. The principal must be an email address, and the allowed values for permissions are as follows:

Available for files:

• owner
• writer
• commenter
• reader

To manipulate this list, use a Javascript task. For more information on the ACL document field and the javascript task. Check our Developer Documents.

Here is an example of mapping permissions from Box to Google Drive

if (rd.getACL() != null) {
    var newAcl = [];
    for (var i in rd.getACL()) {
        var acl = rd.getACL()[i];
        var split = acl.split('=');
        var nRole = ''
        if (split[0] != 'AutomationUser_AAAAAAAAAA@boxdevedition.com') {//This is the service user for Box, so we'll skip it
            if (split[1] === 'editor') {
                nRole = 'writer';
            } else if (split[1] === 'owner') {
                nRole = 'owner';
            } else if (split[1] === 'previewer') {
                nRole = 'reader';
            } else if (split[1] === 'uploader') {
                nRole = 'writer';
            } else if (split[1] === 'previewer uploader') {
                nRole = 'reader';
            } else if (split[1] === 'viewer uploader') {
                nRole = 'reader';
            } else if (split[1] === 'co_owner') {
                nRole = 'writer';
            } else {
                nRole = 'reader';
            }
            newAcl.push(split[0] + '=' + nRole);
        }
    }
    rd.setACL(newAcl);
}

---

Content Services Connector

Connection Configuration

Root Folder ID: The root folder you wish to use for uploads using the connection

The methods currently supported for this connector are:

• Create File
• Create Folder
• Update File
• Update Properties
• Get File Content
• Get File Item
• Get Content
• Get Types
• Get Properties
• Get Root Folder ID
• List Folder Items
• Delete File
• Delete Folder
• Get ACL - User email addresses only
• Edit ACL - User email addresses only
• Delete ACL - Use GET to retrieve permission id for aclId parameter
• Check In
• Check Out
• Create Version
• Delete Version
• Get Version Properties
• Get Version Content
• List Versions
• Revert Version

---

Interacting with Shared Drives (3.1.2+)

tip

These cases assume that you are working with a Google Workspace and the credentials you supply are allowed to view/access Shared Drive information.

Get a Shared Drive Id

The idbypath endpoint can be used to retrieve the id of a Shared Drive in a Google Workspace. In order to do this the folderPath argument should be the name of the Shared Drive. Additionally, the argument isDrive should be included with the call with a value of true.

Shared Drive Permissions

Passing a shared drive id to the Get ACL method should produce a list of Shared Drive Members with their respective roles.

Need help integrating with Google Drive? We can help!