shiny.reglog: How to get Google API authorization

Michał Kosiński

2021-10-28

shiny.reglog currently allows for two methods in both data storage and e-mail sending. In both of these areas, one of the method makes use of gargle-based packages: googlesheets4 for data storage and gmailr for e-mail sending.

googlesheets4 API scopes are mid level (reading and writing spreadsheets), so the setup is pretty easy - it needs you to have a Google Account and generate secrets once in interactive session. gmailr scope for sending e-mails is high level, so it actually needs you to make some work in Google Cloud Console.

As I know from my own experience, the setup for this authorization may be a little tricky. By writing this vignette I’m trying to get users of shiny.reglog to get started quickly with the general settings. For more detailed description I refer to gargle sources, mainly:

Setting up googlesheets4 auth

To enable authorization for googlesheets4 in ShinyApp, you need to create a token with correct scopes once, during the interactive session. auth/spreadsheet scope don’t need the httr OAuth app set up (though it is recommended if you are also using gmailr for mail sending - details in next section)

    # Setting up OAuth app isn't mandatory, though it is recommended
    # more details about this in next session

    # app <- httr::oauth_app(
    #   appname = "your app name", # only shows during asking for permission in browser 
    #   key = "Your Client ID", 
    #   secret = "Your Client Secret")

    googlesheets4::gs4_auth(
      email = "gmail used to access the spreadsheets",
      # it is recommended to cache the secret in place where it is easy
      # to find initially. You will need to copy the file to the Shiny Server.
      # After copying it is preferable to hide it for the security
      cache = "path/to/secrets"
      )

After running the code once in interactive session, you can copy the secret from path/to/secrets, paste it in safe folder on the server and modify the code to show the gs4_auth() function where to find it.

Security shouldn’t be a problem on shinyapps.io, but if you are deploying Shiny-Server yourself, remember to secure it - ideally make it available only for the shiny user.

Setting up gmailr auth

Scopes for e-mail sending are a bit higher than spreadsheet read & write. You need to use an OAuth app configured in Google Cloud Console. I will try to show in detail how to do it.

    gmailr::gm_auth_configure(
       key = "Your Client ID", 
       secret = "Your Client Secret"
    )

    gmailr::gm_auth(
      email = "gmail which will be used to send e-mails",
      # it is recommended to cache the secret in place where it is easy
      # to find initially. You will need to copy the file to the Shiny Server.
      # After copying it is preferable to hide it for the security
      cache = "path/to/secrets",
      scopes = "send"
      )

After running the code once in interactive session, you can copy the secret from path/to/secrets, paste it in safe folder on the server and modify the code to show the gm_auth() function where to find it.

Security shouldn’t be a problem on shinyapps.io, but if you are deploying Shiny-Server yourself, remember to secure it - ideally make it available only for the shiny user.

Voila!

Congratulations, your ShinyApp should now be able to use the Google API required to access googlesheets and/or sending emails through gmail!