praet

Reputation: 115

Creating projects on Google Cloud Platform for API Access via OAuth

Assume that there is an application, an SPA, that uses Google OAuth 2.0 to access the Google Drive API.

Reading the docs, the application flow seems familiar enough on the client side, especially with Google's JavaScript library for authentication. However, I have stumbled upon a roadblock during the application registration phase.

When creating the credentials for our client application, I am redirected to fill out the form at the OAuth Consent Screen first. There, among other things, it requires us to declare whether the application is in the Testing or In Production phase, so it can decide whether the app will be available to everyone or to Test Users only.

Assume I create a project for our application and set it to Testing at first, and then change it to In Production once I am ready to publish (with a new set of credentials as well).

My question is this. What if development continues on the application for new features while one instance of the app is in production? During development and testing I would need to restrict the application to my Test Users alone. Since the OAuth consent screen is project specific, not credential specific, will I require multiple projects on the console for every environment in which the application is running?

As in,

  1. Project MyAppTesting will permanently remain in testing mode and will denote our development/testing branch.
  2. Project MyAppProduction is always in production and denotes my production branch.

Similarly for the mobile client:

  1. A MyMobileAppDev project having credentials configured with the debug keystore hash
  2. A MyMobileAppProd project having credentials configured with the production keystore hash.

(both sets of credentials share the same package name).

Is this the idiomatic way? I failed to find any documentation on the matter. Please advise.

Upvotes: 0

Views: 315

Answers (1)

Bryan L

Reputation: 560

What @JohnHanley stated is the best way and the best practice when deploying application/s in GCP.

You can create multiple projects and create different OAuth for each of the projects. Check out this link on service accounts.

In addition to that, there are also some pros and cons when it comes to billing.

Pros:

  • Users consider having multiple billing accounts, with the respective projects assigned to each account, to be able to see their billing details separately. In this way, you can monitor the billing for each of the respective projects for each account.

Cons:

  • However, if you attach all the projects to one billing account, the billing reports will show the sum of the costs for all the projects, but you can still use the filter menu to see the charges for each project.

Upvotes: 1
