-
Notifications
You must be signed in to change notification settings - Fork 10
docs(agentkit): add Google Workspace (DWD) connector docs #691
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
7 commits
Select commit
Hold shift + click to select a range
a929d2d
docs(agentkit): add Google DWD connector page and tool data
Avinash-Kamath 1b69f8b
docs(agentkit): add Google Workspace DWD connector documentation
Avinash-Kamath 77facf6
refactor(googledwd): move hand-authored content into sync-safe templates
saif-at-scalekit c76fff7
fix: add security guidance for service account JSON key
saif-at-scalekit f315729
fix: allow H2 or H3 step headings in CodeRabbit guidelines
saif-at-scalekit 0f11a29
fix(agentkit): fix broken googledwd template imports after rename
Avinash-Kamath e8a9142
fix: add missing template files for googledwd connected-account and c…
saif-at-scalekit File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
3 changes: 3 additions & 0 deletions
3
...nts/templates/agent-connectors/_section-after-authentication-googledwd-auth.mdx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| export const sectionTitle = 'Authentication' | ||
|
|
||
| This connector uses **Service Account with Domain-Wide Delegation (DWD)**. You create a GCP service account, grant it domain-wide delegation in Google Admin, and provide Scalekit with the service account JSON key. Scalekit then impersonates any user in your Google Workspace domain on demand — no per-user OAuth redirects required. |
60 changes: 60 additions & 0 deletions
60
.../templates/agent-connectors/_section-after-setup-googledwd-common-workflows.mdx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| export const sectionTitle = 'Common workflows' | ||
|
|
||
| import { Tabs, TabItem, Aside } from '@astrojs/starlight/components' | ||
|
|
||
| <details> | ||
| <summary>Create a connected account</summary> | ||
|
|
||
| Before executing tools, create a connected account for each Google Workspace user you want to impersonate. Pass the user's email as `subject` — this tells Scalekit which Workspace user the service account should act as. The `identifier` is your application's ID for that user. | ||
|
|
||
| <Aside type="note" title="Admin authorization required"> | ||
| The Google Workspace admin must whitelist your service account Client ID and scopes before this call will succeed. See the **Create a connected account** steps above. | ||
| </Aside> | ||
|
|
||
| <Tabs syncKey="tech-stack"> | ||
| <TabItem label="Python"> | ||
| ```python | ||
| response = scalekit_client.actions.create_connected_account( | ||
| # connection_name: the name of the connection you created in the setup step above | ||
| connection_name='googledwd', | ||
| identifier='user_123', | ||
| authorization_details={ | ||
| "google_dwd": { | ||
| # subject: the Google Workspace user you want to impersonate | ||
| "subject": "alice@yourcompany.com", | ||
| } | ||
| }, | ||
| ) | ||
| print(response.connected_account.id) | ||
| print(response.connected_account.status) | ||
| ``` | ||
| </TabItem> | ||
| </Tabs> | ||
|
|
||
| </details> | ||
|
|
||
| <details> | ||
| <summary>Execute a tool</summary> | ||
|
|
||
| Use the `identifier` you set when creating the connected account. Scalekit resolves the impersonated Workspace user from that mapping. | ||
|
|
||
| <Tabs syncKey="tech-stack"> | ||
| <TabItem label="Python"> | ||
| ```python | ||
| response = scalekit_client.actions.execute_tool( | ||
| # connection_name: the name of the connection you created in the setup step above | ||
| connection_name='googledwd', | ||
| identifier='user_123', | ||
| tool_name='googledwd_fetch_mails', | ||
| tool_input={ | ||
| "max_results": 5, | ||
| "format": "metadata", | ||
| "include_spam_trash": False, | ||
| }, | ||
| ) | ||
| print(response) | ||
| ``` | ||
| </TabItem> | ||
| </Tabs> | ||
|
|
||
| </details> |
29 changes: 29 additions & 0 deletions
29
...templates/agent-connectors/_section-after-setup-googledwd-connected-account.mdx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| export const sectionTitle = 'Create a connected account' | ||
|
|
||
| import { Tabs, TabItem, Aside } from '@astrojs/starlight/components' | ||
|
|
||
| Before executing tools, create a connected account for each Google Workspace user you want to impersonate. Pass the user's email as `subject` — this tells Scalekit which Workspace user the service account should act as. The `identifier` is your application's ID for that user. | ||
|
|
||
| <Aside type="note" title="Admin authorization required"> | ||
| The Google Workspace admin must whitelist your service account Client ID and scopes before this call will succeed. See the **Set up the connector** steps above. | ||
| </Aside> | ||
|
|
||
| <Tabs syncKey="tech-stack"> | ||
| <TabItem label="Python"> | ||
| ```python | ||
| response = scalekit_client.actions.create_connected_account( | ||
| # connection_name: the name of the connection you created in the setup step above | ||
| connection_name='googledwd', | ||
| identifier='user_123', | ||
| authorization_details={ | ||
| "google_dwd": { | ||
| # subject: the Google Workspace user you want to impersonate | ||
| "subject": "alice@yourcompany.com", | ||
| } | ||
| }, | ||
| ) | ||
| print(response.connected_account.id) | ||
| print(response.connected_account.status) | ||
| ``` | ||
| </TabItem> | ||
| </Tabs> |
29 changes: 29 additions & 0 deletions
29
...lates/agent-connectors/_section-before-tool-list-googledwd-common-workflows.mdx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| export const sectionTitle = 'Common workflows' | ||
|
|
||
| import { Tabs, TabItem } from '@astrojs/starlight/components' | ||
|
|
||
| <details> | ||
| <summary>Execute a tool</summary> | ||
|
|
||
| Use the `identifier` you set when creating the connected account. Scalekit resolves the impersonated Workspace user from that mapping. | ||
|
|
||
| <Tabs syncKey="tech-stack"> | ||
| <TabItem label="Python"> | ||
| ```python | ||
| response = scalekit_client.actions.execute_tool( | ||
| # connection_name: the name of the connection you created in the setup step above | ||
| connection_name='googledwd', | ||
| identifier='user_123', | ||
| tool_name='googledwd_fetch_mails', | ||
| tool_input={ | ||
| "max_results": 5, | ||
| "format": "metadata", | ||
| "include_spam_trash": False, | ||
| }, | ||
| ) | ||
| print(response) | ||
| ``` | ||
| </TabItem> | ||
| </Tabs> | ||
|
|
||
| </details> |
58 changes: 58 additions & 0 deletions
58
src/components/templates/agent-connectors/_setup-googledwd.mdx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| import { Steps, Aside } from '@astrojs/starlight/components' | ||
|
|
||
| Register your Scalekit environment with the Google Workspace (DWD) connector so Scalekit can act on behalf of any user in your Google Workspace domain. Unlike OAuth connectors, DWD uses a service account — no per-user login flows are required. | ||
|
|
||
| <Steps> | ||
| 1. ### Create a connection in Scalekit | ||
|
|
||
| - In [Scalekit dashboard](https://app.scalekit.com), go to **AgentKit** > **Connections** > **Create Connection**. Find **Google Workspace (DWD)** and click **Create**. | ||
| - Under **Scopes**, add each Google API scope your agent needs. Enter the full scope URI, for example: | ||
| - `https://www.googleapis.com/auth/gmail.readonly` | ||
| - `https://www.googleapis.com/auth/calendar` | ||
| - `https://www.googleapis.com/auth/drive` | ||
|
|
||
| See the [Google OAuth 2.0 Scopes reference](https://developers.google.com/identity/protocols/oauth2/scopes) for the full list. | ||
|
|
||
| 2. ### Create a GCP service account | ||
|
|
||
| - Go to [Google Cloud Console](https://console.cloud.google.com) → **IAM & Admin** → **Service Accounts**. | ||
| - Click **+ Create Service Account**, enter a name and description, and click **Create and Continue**. | ||
| - Skip the optional role and user access steps and click **Done**. | ||
|
|
||
| 3. ### Download the service account JSON key | ||
|
|
||
| - In [Google Cloud Console](https://console.cloud.google.com), go to **IAM & Admin** → **Service Accounts** and click your service account. | ||
| - Go to the **Keys** tab → **Add Key** → **Create new key**. | ||
| - Select **JSON** and click **Create**. The key file downloads automatically. | ||
|
|
||
| 4. ### Add the service account JSON in Scalekit | ||
|
|
||
| - In [Scalekit dashboard](https://app.scalekit.com), go to **AgentKit** > **Connections** and open the connection you created in step 1. | ||
| - Paste the full contents of the downloaded JSON key file into the **Service Account JSON** field. Treat this JSON key as a secret credential — restrict access to the connection settings and rotate or revoke the key immediately if it is exposed. | ||
| - Click **Save**. | ||
|
coderabbitai[bot] marked this conversation as resolved.
|
||
| </Steps> | ||
|
|
||
| ### Authorize the service account in Google Admin | ||
|
|
||
| The admin of the Google Workspace organization you want to connect to must complete these steps to authorize your service account. | ||
|
|
||
| <Aside type="caution" title="Requires Google Workspace super admin access"> | ||
| These steps must be completed by a super admin of the target Google Workspace organization — not in your GCP account. | ||
| </Aside> | ||
|
|
||
| <Steps> | ||
| 1. ### Open API controls in Google Admin | ||
|
|
||
| - Sign in to [Google Admin console](https://admin.google.com) as a super admin. | ||
| - Go to **Security** → **Access and data control** → **API controls**. | ||
| - Click **Manage Domain Wide Delegation** → **Add new**. | ||
|
|
||
| 2. ### Authorize the service account | ||
|
|
||
| - In **Client ID**, enter the **Unique ID** of the service account created during setup (visible in GCP Console → **IAM & Admin** → **Service Accounts** → click the service account → **Details** tab). | ||
| - In **OAuth scopes**, enter the scopes comma-separated — these must match exactly what was configured in the Scalekit connection. For example: | ||
| - `https://www.googleapis.com/auth/gmail.readonly, https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/drive` | ||
| - Click **Authorize**. | ||
| </Steps> | ||
|
|
||
| You can now impersonate any user in that workspace with your service account via Scalekit connected accounts. | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,90 @@ | ||
| --- | ||
| title: 'Google Workspace (DWD) connector' | ||
| tableOfContents: true | ||
| description: 'Set up Google Workspace Domain-Wide Delegation to let your agent impersonate users through a service account — no per-user OAuth required.' | ||
| sidebar: | ||
| label: 'Google Workspace (DWD)' | ||
| connectorIcon: https://cdn.scalekit.com/sk-connect/assets/provider-icons/google.svg | ||
| connectorAuthType: Service Account (DWD) | ||
| connectorCategories: [productivity, communication] | ||
| head: | ||
|
saif-at-scalekit marked this conversation as resolved.
|
||
| - tag: style | ||
| content: | | ||
| .sl-markdown-content h2 { | ||
| font-size: var(--sl-text-xl); | ||
| } | ||
| --- | ||
|
coderabbitai[bot] marked this conversation as resolved.
|
||
|
|
||
| import ToolList from '@/components/ToolList.astro' | ||
| import { tools } from '@/data/agent-connectors/googledwd' | ||
| import { Steps, Tabs, TabItem } from '@astrojs/starlight/components' | ||
| import { AgentKitCredentials } from '@components/templates' | ||
| import { SetupGoogledwdSection } from '@components/templates' | ||
| import { SectionAfterAuthenticationGoogledwdAuth } from '@components/templates' | ||
| import { SectionAfterSetupGoogledwdConnectedAccount } from '@components/templates' | ||
| import { SectionBeforeToolListGoogledwdCommonWorkflows } from '@components/templates' | ||
|
|
||
| <Steps> | ||
|
|
||
| 1. ### Install the SDK | ||
|
|
||
| <Tabs syncKey="tech-stack"> | ||
| <TabItem label="Node.js"> | ||
| ```bash frame="terminal" | ||
| npm install @scalekit-sdk/node | ||
| ``` | ||
| </TabItem> | ||
| <TabItem label="Python"> | ||
| ```bash frame="terminal" | ||
| pip install scalekit | ||
| ``` | ||
| </TabItem> | ||
| </Tabs> | ||
|
|
||
| Full SDK reference: [Node.js](/agentkit/sdks/node/) | [Python](/agentkit/sdks/python/) | ||
|
|
||
| 2. ### Set your credentials | ||
|
|
||
| <AgentKitCredentials /> | ||
|
|
||
| 3. ### Set up the connector | ||
|
|
||
| Register your Google Workspace credentials with Scalekit so it can authenticate requests on your behalf. You do this once per environment. | ||
|
|
||
| <details> | ||
| <summary>Dashboard setup steps</summary> | ||
|
|
||
| <SetupGoogledwdSection /> | ||
|
|
||
| </details> | ||
|
|
||
| </Steps> | ||
|
|
||
| ## What you can do | ||
|
|
||
| Connect this agent connector to let your agent: | ||
|
|
||
| - **Read and search emails** — Fetch messages, threads, and attachments from any Gmail label or inbox | ||
| - **Send and manage emails** — Compose messages, manage drafts, and modify labels on Gmail messages | ||
| - **Manage Google Drive files** — Share, move, copy, and query activity on files and folders in Google Drive | ||
| - **Access Google Calendar** — Read, create, and manage calendar events across a user's calendars | ||
| - **Manage Google Vault** — List matters and manage legal holds in Google Vault | ||
| - **Administer user settings** — Update vacation auto-reply settings and other Gmail account configurations | ||
|
|
||
| ## Authentication | ||
|
|
||
| <SectionAfterAuthenticationGoogledwdAuth /> | ||
|
|
||
| ## Create a connected account | ||
|
|
||
| <SectionAfterSetupGoogledwdConnectedAccount /> | ||
|
|
||
| ## Common workflows | ||
|
|
||
| <SectionBeforeToolListGoogledwdCommonWorkflows /> | ||
|
|
||
| ## Tool list | ||
|
|
||
| Use the exact tool names from the **Tool list** below when you call `execute_tool`. If you're not sure which name to use, list the tools available for the current user first. | ||
|
|
||
| <ToolList tools={tools} /> | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.