Thanks, Jarrad! Really helps to see everything laid out end to end.
I’ve been having trouble successfully connecting to the google cloud apis (for sql storage) from the API connector on the bubble side. It would be amazing if you could map out an example for where all of these fields go within the API connector & the bubble-side process for connecting!
I have successfully hooked up Google Cloud Vision API via the Bubble API Connector, which was relatively straightforward using a service account API key. However, hooking into Google Cloud Storage API is proving much more difficult. Has anyone had any luck doing so? Maybe you @jarrad? The process seems to be much more convoluted, and I am completely stuck trying to figure out Google’s OAuth2 flow for a service account. It involves obtaining a signed JWT to exchange for a bearer token. I’ve followed Google’s documentation as well as I can, and created what I thought was a valid signed JWT, but when I go to exchange it for the bearer token (in Postman) I ultimately still get an error: “invalid_grant” (error_description: “Invalid JWT signature”). Not having any luck troubleshooting on the web/StackOverflow. Can anyone help?
Just looking at a few parts of your message im wondering in what case your using a service account with an API key? but the other thing is when you say OAuth flow - what exactly are you expecting to see using a service account in regards to this? its not a trick question, i have seen a few people go around in circles trying to perform end user tasks with service accounts and expecting the whole auth flow to be the same.
I’m trying to get a list of bucket objects from Google Cloud Storage JSON API. Unlike the Cloud Vision API, which has minimal security since it’s just a processing API (therefore allows a simple service account API key to use the API), the Storage API requires OAuth – at least I think it does – because it is in theory accessing user data. In my case, all of the objects are publicly accessible, but I still can’t see any way to get the storage API to return the object list without authenticating with something more than just my service account API key.
A server-centric flow allows an application to directly hold the credentials of a service account to complete authentication. Use this flow if your application works with its own data rather than user data. Google Cloud Platform projects have default service accounts you can use, or you can create new ones.
… and an entire section beneath it on Service Account Credentials, the operative part being this:
When you use a service account to authenticate your application, you do not need a user to authenticate to get an access token. Instead, you obtain a private key from the Google Cloud Platform Console, which you then use to send a signed request for an access token. You can then use the access token like you normally would.
I obtained the private key for my service account (easy), but I keep ending up in circles trying to figure out how to exchange it for the bearer token that I need for my API calls.
hey Edd - did you manage to get this working as you’ve described using a Google service account key? I too have the requirement to access my entire firebase database and need a single auth rather than for each individual user.
I’m trying to do this for the Google Calendar API and since that requires access to sensitive information it looks like Google requests that you register the domain. But I’m not ready to publish by Bubble app and still using the test domain.
For now I’m getting this 403 Error.
Anyone know how to register these test Bubble domains?