Google auth provider
The Google auth provider enables tools and agents to call Google/Google Workspace APIs on behalf of a user. Behind the scenes, the Arcade Engine and the Google auth provider seamlessly manage Google OAuth 2.0 authorization for your users.
Want to quickly get started with Google services in your agent or AI app? The pre-built Arcade Google toolkit is what you want!
What’s documented here
This page describes how to use and configure Google auth with Arcade.
This auth provider is used by:
- The Arcade Google toolkit, which provides pre-built tools for interacting with Google services
- Your app code that needs to call Google APIs
- Or, your custom tools that need to call Google APIs
Configuring Google auth
How you configure the Google auth provider depends on whether you use the Arcade Cloud Engine or a self-hosted Engine.
With the Arcade Cloud Engine, you can start building and testing Google auth without any configuration. Your users will see Arcade (demo)
as the name of the application that’s requesting permission.
When you are ready to go to production, you’ll want to configure the Google auth provider with your own Google app credentials, so users see your app name when they authorize access.
Create a Google app
- Follow Google’s guide to setting up OAuth credentials
- Choose the scopes (permissions) you need for your app
- At a minimum, you must enable these scopes:
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
- Set the redirect URL to:
https://cloud.arcade.dev/api/v1/oauth/callback
- Copy the client ID and client secret to use below
Next, add the Google app to your Arcade Engine configuration. You can do this in the Arcade Dashboard, or by editing the engine.yaml
file directly (for a self-hosted instance).
Configuring Google auth with the Arcade Dashboard
- Navigate to the OAuth section of the Arcade Dashboard and click Add OAuth Provider.
- Select Google as the provider.
- Choose a unique ID for your provider (e.g. “my-google-provider”) with an optional Description.
- Enter your Client ID and Client Secret from your Google app.
- Click Save.
When you use tools that require Google auth using your Arcade account credentials, the Arcade Engine will automatically use this Google OAuth provider.
Configuring Google auth in self-hosted Arcade Engine configuration
Set environment variables
Set the following environment variables:
export GOOGLE_CLIENT_ID="<your client ID>"
export GOOGLE_CLIENT_SECRET="<your client secret>"
Or, you can set these values in a .env
file:
GOOGLE_CLIENT_ID="<your client ID>"
GOOGLE_CLIENT_SECRET="<your client secret>"
See Engine configuration for more information on how to set environment variables and configure the Arcade Engine.
Edit the Engine configuration
Edit the engine.yaml
file and add a google
item to the auth.providers
section:
auth:
providers:
- id: default-google
description: "The default Google provider"
enabled: true
type: oauth2
provider_id: google
client_id: ${env:GOOGLE_CLIENT_ID}
client_secret: ${env:GOOGLE_CLIENT_SECRET}
Using Google auth in app code
Use the Google auth provider in your own agents and AI apps to get a user token for Google APIs. See authorizing agents with Arcade to understand how this works.
Use client.auth.start()
to get a user token for Google APIs:
from arcadepy import Arcade
from google.oauth2.credentials import Credentials
from googleapiclient.discovery import build
client = Arcade() # Automatically finds the `ARCADE_API_KEY` env variable
user_id = "[email protected]"
"""
In this example, we will use Arcade to authenticate with Google and
retrieve Gmail messages.
There is a tool for that in the Arcade SDK, which simplifies the process for
you to retrieve email messages either through our Python or JavaScript
SDKs or via LLM tool calling.
Below we are just showing how to use Arcade as an auth provider, if you ever
need to.
"""
# Start the authorization process
auth_response = client.auth.start(
user_id=user_id,
provider="google",
scopes=["https://www.googleapis.com/auth/gmail.readonly"],
)
if auth_response.status != "completed":
print("Please complete the authorization challenge in your browser:")
print(auth_response.url)
# Wait for the authorization to complete
auth_response = client.auth.wait_for_completion(auth_response)
token = auth_response.context.token
if not token:
raise ValueError("No token found in auth response")
credentials = Credentials(token)
gmail = build("gmail", "v1", credentials=credentials)
email_messages = (
gmail.users().messages().list(userId="me").execute().get("messages", [])
)
print(email_messages)
Using Google auth in custom tools
The Arcade Model API is a convenient way to call language models and automatically invoke tools. You can use the pre-built Arcade Google toolkit to quickly build agents and AI apps that interact with Google services like Gmail, Calendar, Drive, and more.
If the pre-built tools in the Google toolkit don’t meet your needs, you can author your own custom tools that interact with Google APIs.
Use the Google()
auth class to specify that a tool requires authorization with Google. The context.authorization.token
field will be automatically populated with the user’s Google token:
from typing import Annotated
from arcade.sdk import ToolContext, tool
from arcade.sdk.auth import Google
from google.oauth2.credentials import Credentials
from googleapiclient.discovery import build
@tool(
requires_auth=Google(
scopes=["https://www.googleapis.com/auth/gmail.readonly"],
)
)
async def list_emails(
context: ToolContext,
subject: Annotated[str, "The subject of the email"],
body: Annotated[str, "The body of the email"],
recipient: Annotated[str, "The recipient of the email"],
) -> Annotated[str, "A confirmation message with the sent email ID and URL"]:
"""
Send an email using the Gmail API.
"""
if not context.authorization or not context.authorization.token:
raise ValueError("No token found in context")
credentials = Credentials(context.authorization.token)
gmail = build("gmail", "v1", credentials=credentials)
email_messages = (
gmail.users().messages().list(userId="me").execute().get("messages", [])
)
return email_messages