Accessing Google APIs in BBj with OAuth 2.0

Description

In BBj, applications use OAuth 2.0 authorization to access Google APIs. In BBj 24.22 and higher, authorization is handled by a servlet, allowing chosen Google APIs to run in all clients. This document explains how to implement OAuth 2.0 authorization by creating Google Credentials through Google Cloud services.

User Interface Layout:

This document reflects the Google Cloud interface as of February 2025. Google frequently updates and modifies its interface, so some details may differ in the future.

Choose a Google Cloud Project

  1. Go to the Google Developers Console.
  2. Click the [Select a project] button in the header. The name of this button changes based on the selected project’s name.
    3. pointer to the [Select a project] button in the Google Cloud header

    [Select a project] Button

  3. Select an existing project, or click the [New project] button to create a project. If choosing an existing project, skip to the Enable APIs section of this document.

Create a Google Cloud Project

The "New Project" page can be accessed from two different buttons: clicking the previously documented [New project] button, or clicking the [Create project] button that’s inside the gray message box:

Message box with the text, "To view this page, select a project" and a [Create project] button

Message for Selecting a Project

Regardless of what button is clicked, users are shown the following:

New Project fields with two buttons at the bottom, [Create] and [Cancel].

Fields on the "New Project" Page

  1. Give the project a name related to what the OAuth keys will be used for.
  2. (Optional) Change the Project ID by clicking [Edit] and editing the new Project ID field.
  3. Select an organization to attach the project to.
  4. Select a parent organization or folder.
  5. Click the [Create] button.

Enable APIs

The “Enabled APIs & services” page includes a list of currently enabled APIs. Here are the steps to enable an API:

  1. Go to the Google API Library by clicking Library on the side navigation menu.
  2. Find a desired API. Clicking on it will go to its "Product details" page.
  3. Click on the [ENABLE] button:
    4. Gmail API Product details page with an arrow on the [ENABLE] button.

    "Product details" Page for the Gmail API

If that API is already enabled, a [MANAGE] button is displayed instead:

The [MANAGE] button replaces the [ENABLE] button and there is a checkmark with the text 'API Enabled'.

Product Details Buttons for an Enabled API.

Create OAuth Client ID

**The following information is subject to change. Verify with official Google announcements for the most current information.**

Inactive OAuth Clients:

Google has announced that starting in June 2025, it will automatically delete OAuth clients that have remained inactive for six months to prevent credential theft and misuse. See Unused Client Deletion for more information.

  1. A consent screen is required to create an OAuth client ID. Follow this Google guide to configure one: Configure the OAuth consent screen and choose scopes.
  2. Return to the Google Developers Console and click Credentials on the side navigation menu.
  3. Click [+ CREATE CREDENTIALS] and choose OAuth client ID.
    4. The [+ CREATE CREDENTIALS] button is in the section header, and the 'OAuth client ID' is the second option.

    Navigation from the Side Menu to OAuth client ID

  4. For Application type, always select Web application, regardless of whether your application is GUI, DWC, or BUI.
  5. Click the [+ Add URI] button under Authorized redirect URIs.
  6. Provide URL(s) to access a BBxServlet in Enterprise Manager. These URLs must point to the web protocol + web server host + web server port + servlet name, like the following example: https://documentation.basis.cloud:8443/goauth2servlet

    Note:

    Remember the servlet name, as it will be needed in the Create a BBxServlet section of this document.

  7. Click the [CREATE] button.
  8. Copy the Client ID and the Client secret when the following confirmation appears:
    9. The page that appears after creating an OAuth client.

    "OAuth client created" Page

  9. Click [OK]

Update BBj Properties

  1. Go to <bbjhome>/cfg/BBj.properties.
  2. Add the following properties:
    • com.basis.util.goauth2.clientid=<created client id>
    • com.basis.util.goauth2.clientsecret=<created client secret>
  3. ClosedOptional properties:
    • To require SSL for redirection, add the following:
      • com.basis.util.goauth2.requiressl=true
    • To override the redirection URL, add the following:
      • com.basis.util.goauth2.directurl=<full URL>

      Note:

      The com.basis.util.goauth2.directurl must match the Authorized redirect URIs in step 6 of Create OAuth Client ID.

Create a BBxServlet

  1. Log into Enterprise Manager.
  2. Navigate to Web > Context Configuration.
  3. Choose a Context.
  4. Click the [] button to add a BBxServlet.
  5. At a minimum, specify the following configuration settings for the BBxServlet:
    6. Configuration setting Value
    URL Mapping

    Match the URL Mapping given in step 6 of Create OAuth Client ID. For the provided example, this value would be:

    /goauth2servlet
    Source File <bbj home>/utils/gapps/GOAuth2Servlet.bbj
    Class Name GOAuth2Servlet
    Method Name service
  6. Restart BBjServices.

Alternative:

Instead of using Enterprise Manager, a BBxServlet can be added with the BBjJettyContextConfiguration::addBBxServlet method. Those creating a BBxServlet this way will also need to use the BBjJettyServerConfiguration::saveConfig method.

See Also

Using OAuth 2.0 to Access Google APIs

OAuth 2.0 for Client-side Web Applications

Enterprise Manager: Context Configuration