Google auth provider
The Google auth provider enables tools and agents to call Google/Google Workspace APIs on behalf of a user. Behind the scenes, the Arcade Engine and the Google auth provider seamlessly manage Google OAuth 2.0 authorization for your users.
Want to quickly get started with Google services in your agent or AI app? The pre-built Arcade Google toolkit is what you want!
What’s documented here
This page describes how to use and configure Google auth with Arcade.
This auth provider is used by:
- The Arcade Google toolkit, which provides pre-built tools for interacting with Google services
- Your app code that needs to call Google APIs
- Or, your custom tools that need to call Google APIs
Configuring Google auth
In a production environment, you will most likely want to use your own Google app credentials. This way, your users will see your application’s name requesting permission.
You can use your own Google credentials in both the Arcade Cloud and in a self-hosted Arcade Engine instance.
Before showing how to configure your Google app credentials, let’s go through the steps to create a Google app.
Create a Google app
- Follow Google’s guide to setting up OAuth credentials
- Choose the scopes (permissions) you need for your app
- At a minimum, you must enable these scopes:
https://www.googleapis.com/auth/userinfo.emailhttps://www.googleapis.com/auth/userinfo.profile
- Set the redirect URL to:
https://cloud.arcade.dev/api/v1/oauth/callback - Copy the client ID and client secret to use below
Next, add the Google app to your Arcade Engine configuration. You can do this in the Arcade Dashboard, or by editing the engine.yaml file directly (for a self-hosted instance).
Configuring your own Google Auth Provider in Arcade
There are two ways to configure your Google app credentials in Arcade:
- From the Arcade Dashboard GUI
- By editing the
engine.yamlfile directly (for a self-hosted Arcade Engine)
We show both options step-by-step below.
Configure Google Auth Using the Arcade Dashboard GUI
Access the Arcade Dashboard
To access the Arcade Cloud dashboard, go to api.arcade.dev/dashboard. If you are self-hosting, by default the dashboard will be available at http://localhost:9099/dashboard. Adjust the host and port number to match your environment.
Navigate to the OAuth Providers page
- Under the OAuth section of the Arcade Dashboard left-side menu, click Providers.
- Click Add OAuth Provider in the top right corner.
- Select the Included Providers tab at the top.
- In the Provider dropdown, select Google.
Enter the provider details
- Choose a unique ID for your provider (e.g. “my-google-provider”).
- Optionally enter a Description.
- Enter the Client ID and Client Secret from your Google app.
Create the provider
Hit the Create button and the provider will be ready to be used in the Arcade Engine.
When you use tools that require Google auth using your Arcade account credentials, the Arcade Engine will automatically use this Google OAuth provider. If you have multiple Google providers, see using multiple auth providers of the same type for more information.
Using Google auth in app code
Use the Google auth provider in your own agents and AI apps to get a user token for Google APIs. See authorizing agents with Arcade to understand how this works.
Use client.auth.start() to get a user token for Google APIs:
from arcadepy import Arcade
from google.oauth2.credentials import Credentials
from googleapiclient.discovery import build
client = Arcade() # Automatically finds the `ARCADE_API_KEY` env variable
user_id = "user@example.com"
"""
In this example, we will use Arcade to authenticate with Google and
retrieve Gmail messages.
There is a tool for that in the Arcade SDK, which simplifies the process for
you to retrieve email messages either through our Python or JavaScript
SDKs or via LLM tool calling.
Below we are just showing how to use Arcade as an auth provider, if you ever
need to.
"""
# Start the authorization process
auth_response = client.auth.start(
user_id=user_id,
provider="google",
scopes=["https://www.googleapis.com/auth/gmail.readonly"],
)
if auth_response.status != "completed":
print("Please complete the authorization challenge in your browser:")
print(auth_response.url)
# Wait for the authorization to complete
auth_response = client.auth.wait_for_completion(auth_response)
token = auth_response.context.token
if not token:
raise ValueError("No token found in auth response")
credentials = Credentials(token)
gmail = build("gmail", "v1", credentials=credentials)
email_messages = (
gmail.users().messages().list(userId="me").execute().get("messages", [])
)
print(email_messages)Using Google auth in custom tools
You can use the pre-built Arcade Google toolkit to quickly build agents and AI apps that interact with Google services like Gmail, Calendar, Drive, and more.
If the pre-built tools in the Google toolkit don’t meet your needs, you can author your own custom tools that interact with Google APIs.
Use the Google() auth class to specify that a tool requires authorization with Google. The context.authorization.token field will be automatically populated with the user’s Google token:
from typing import Annotated
from arcade.sdk import ToolContext, tool
from arcade.sdk.auth import Google
from google.oauth2.credentials import Credentials
from googleapiclient.discovery import build
@tool(
requires_auth=Google(
scopes=["https://www.googleapis.com/auth/gmail.readonly"],
)
)
async def list_emails(
context: ToolContext,
subject: Annotated[str, "The subject of the email"],
body: Annotated[str, "The body of the email"],
recipient: Annotated[str, "The recipient of the email"],
) -> Annotated[str, "A confirmation message with the sent email ID and URL"]:
"""
Send an email using the Gmail API.
"""
if not context.authorization or not context.authorization.token:
raise ValueError("No token found in context")
credentials = Credentials(context.authorization.token)
gmail = build("gmail", "v1", credentials=credentials)
email_messages = (
gmail.users().messages().list(userId="me").execute().get("messages", [])
)
return email_messages