🔐 Authentication Options
There are two ways to authenticate:
OAuth 2.0 User Consent
Recommended if you plan to auto-create events for only one or a few employees.
Each employee must sign in once with their Google Workspace account and consent to Journeys accessing their calendar.
Domain-Wide Delegation
Recommended if you plan to auto-create events for many employees.
Requires a Google Workspace admin to grant Journeys access to all calendars within your domain.
This article will cover how to set up OAuth 2.0 User Consent authentication.
OAuth 2.0 User Consent Flow
Follow these steps carefully.
Step 1: Create Client Credentials
Go to Google Cloud Console.
Create a new project, give it a name (e.g.,
Journeys-GoogleIntegration) and select it.
Navigate to APIs & Services > Library.
Search for Google Calendar API and click Enable.
In APIs & Services > Credentials, click Create Credentials > OAuth client ID.
You will be prompted to configure your consent screen:
Give the app a name (e.g.,
[YOUR_COMPANY_NAME] Journeys Integration) and choose a User support email.
For Audience, choose:
Internal - if all of your employees who will use this integration are part of the same Google Workspace domain (everyone has a
@yourcompany.comGoogle account).External - if any employee will connect using a personal Gmail account (e.g.,
@gmail.com), or if your company does not use Google Workspace.
Enter an email address to receive important updates about your project. This can be your own email or your IT/admin email. Then click Create to finish setting up the consent screen.
Next, create the OAuth client ID. For Application type, choose Web application. Give it a name (e.g.,
Journeys-GoogleOAuth).
Under Authorized redirect URIs, add:
http://localhost
Click Create.
You should see the following window:
Important: Copy the Client ID and Client Secret, or download the JSON credentials file. Store it securely and do not share it with others.
Step 2: Generate the Authorization Code
Ask the employee who will be granting Calendar access to paste the following URL into their browser (replace [YOUR_CLIENT_ID] with the Client ID from step 1):
https://accounts.google.com/o/oauth2/v2/auth?
client_id=[YOUR_CLIENT_ID]
&response_type=code
&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar
&redirect_uri=http%3A%2F%2Flocalhost
&access_type=offline
&prompt=consent
The employee will be prompted to sign in to Google and approve access.
After consenting, the browser will redirect to:
http://localhost/?code=[YOUR_CODE]&scope=https://www.googleapis.com/auth/calendar
Copy the value of [YOUR_CODE] and store it immediately.
⚠️ Note: The code expires in 1 hour. If you don’t complete the next step in time, you’ll need to repeat this step.
Step 3: Exchange the Authorization Code for a Refresh Token
In Journeys' Integration Builder, create a new integration (name it Google Calendar).
Create a new endpoint and fill in the fields as below:
URL:
https://oauth2.googleapis.com/tokenExample request:
{
"code": "[YOUR_CODE]",
"client_id": "[YOUR_CLIENT_ID]",
"grant_type": "authorization_code",
"redirect_uri": "http://localhost",
"client_secret": "[YOUR_CLIENT_SECRET]"
}✏️ Note: replace
[YOUR_CODE],[YOUR_CLIENT_ID]and[YOUR_CLIENT_SECRET]with your own.Save this endpoint and test it.
In the response, locate:
"refresh_token": "1//03..."Copy the refresh token and store it securely.
Step 4: Configure Authentication in Journeys
Go to Authentication and fill in the following fields:
Authentication URL:
https://oauth2.googleapis.com/tokenClient ID: your
client_idfrom Google Cloud ConsoleClient secret: your
client_secretfrom Google Cloud ConsoleExtra data:
{
"refresh_token": "[YOUR_REFRESH_TOKEN]",
"grant_type": "refresh_token"
}✏️ Note: replace
[YOUR_REFRESH_TOKEN]with your own.
Test the authentication and confirm you get a successful response:
🎉 And voila, authentication is complete. You can proceed to add endpoints.