Build your app

Once you have set up your project, you can get your app built and working. Regardless of your architectural choices, you must do the following:

  1. Save the OAuth credentials you created for the application and group them with your application code.
  2. Implement the authorization flows for your app using these credentials.
  3. Code the application.
  4. Verify that the application meets our standards for publishing in G Suite Marketplace.

The following sections summarize how to do these steps for each architectural style.

Save OAuth credentials information

Make sure that you have the following information for your application, created when you configure your application OAuth credentials. You can download a client ID and client secret together as a JSON file from the console. You can also download service account private keys as JSON (recommended) or P12 files.

  • Web server applications: client ID and client secret
  • Client-side applications: client ID and client secret
  • Service account: service account client ID and downloaded private key
  • Apps Script projects and add-ons: none (Apps Script handles OAuth details automatically)

If you are using a downloaded JSON or P12 file, place it where your application code can access it while setting up the authorization flow.
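
The following is an added example, not code from the original page or from Google: a loader that refuses a downloaded JSON credential file readable by other local users and checks that it holds the fields listed above. The function names and the sample-file helper are hypothetical, and the check assumes a POSIX file system.

```python
import json
import os
import stat
import tempfile

# Required fields per credential kind. "web" and "installed" are the top-level
# keys of a downloaded client-secret file; a service account key file is flat
# and carries "type": "service_account".
REQUIRED = {
    "web": {"client_id", "client_secret"},
    "installed": {"client_id", "client_secret"},
    "service_account": {"client_id", "client_email", "private_key"},
}


def load_credentials(path):
    """Return (kind, fields); raise if the file is exposed or malformed."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} has mode {mode:o}; expected 600 or stricter")
    with open(path, encoding="utf-8") as fh:
        doc = json.load(fh)
    if not isinstance(doc, dict):
        raise ValueError("credential file must contain a JSON object")
    if doc.get("type") == "service_account":
        kind, fields = "service_account", doc
    else:
        kind = next((k for k in ("web", "installed") if k in doc), None)
        if kind is None:
            raise ValueError("not a client-secret or service-account JSON file")
        fields = doc[kind]
    missing = REQUIRED[kind] - set(fields)
    if missing:
        raise ValueError(f"{kind} credentials missing: {sorted(missing)}")
    return kind, fields


def write_sample(doc, mode):
    """Write a constructed sample credential file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(doc, fh)
    os.chmod(path, mode)
    return path
```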

Implement authorization

Depending on how you wish to build your application, you can use one of the following methods to implement authorization.

JavaScript client applications

For a client-side app, you can access Google services as follows:

  1. Implement the client-side authorization flow using the Google API client library.
  2. Use the JavaScript library with the client ID and client secret.
  3. Use the Google+ Sign-in button to help simplify the process.
  4. Access Google services using the appropriate Google API calls.

Simple web server applications

For a server-side app that only needs online access (that is, it doesn't perform any background or scheduled processing when the user is absent), access Google services as follows:

  1. Instantiate service client objects using the appropriate Google API client library, with the client ID and client secret.
  2. Use these objects to implement the web server authorization flow.
  3. Access Google services using the appropriate Google API calls.

Web server applications with offline access

Most applications can obtain offline access using the standard OAuth 2 web server authorization flow. Users see a simplified consent screen when authorizing applications approved by their domain administrator. These applications can access Google services as follows:

  1. Instantiate a client object using the appropriate Google API client library, with the client ID and client secret.
  2. Use this object to implement the web server authorization flow and obtain the user ID from an access token.
  3. Access Google services using the appropriate Google API calls.

Applications that require access to user data without interaction and only the domain administrator's consent should use service accounts to obtain access. Access Google services as follows:

  1. Instantiate new client objects, with the service account client ID and private key, to implement the service account authorization flow.
  2. Access Google services using the appropriate Google API calls.

Apps Script projects and add-ons

For these applications, you don't need to implement the authorization flow yourself; Apps Script handles the details of the authorization flow automatically. See Authorization for Google services and Add-on authorization lifecycle for more information.

Code the application

When implementing your application, your code can make calls to Google APIs and services. The Google API client libraries provide tools to make calling Google APIs easier.

Meet G Suite Marketplace standards

The end goal of our OAuth requirements is to ensure that users and domain administrators have a seamless integration experience between their Google account and your application. The G Suite Marketplace review team carefully reviews all applications to ensure they meet these standards. When you have completed your application, it should fulfill the following requirements:

  • Use OAuth 2.0
  • The user sees the OAuth consent screen only once; if you’re using a service account to allow a domain admin to accept terms on behalf of the domain users, then the end users must never see the OAuth consent screen.
  • Use SSO to have existing users of your application log into their account with you.
  • New users of your application should be able to use their Google credentials to create a new account. It’s acceptable to direct them to a trial or freemium version of an account if they cannot have a full version.

Additional resources

Additional resources that may help with OAuth 2.0 implementation are:

If you still have technical questions after reviewing the above documentation, visit our Stack Overflow page.
