My Journey Integrating Google Calendar (G-suite) in Node

In this article, I’ll walk you through the agony of consuming Google Calendar API in Node with non-existent documentation. Particularly, accessing data using service account with domain-wide authority. If you haven’t been working with Google APIs, or at least not in Node. you might be surprised how incomplete their documentation is. How fussy could it be to integrate a Google API? I will dissect the issues I ran into in latter parts. Background Here, in , we divide students’ day into atomic unit of Block. Each block will be assigned to at least one instructor to handle the prescribed activities or lectures. Code Chrysalis We develop our internal platform, Monarch, to manage students’ schedules, repositories, instructors’ rosters, etc. The back-end is powered by Express.js with GraphQL and TypeORM, written entirely in TypeScript. Besides Monarch, staffs use G-suite and Google Calendar heavily to reflect their most accurate schedule. During my first month with Code Chrysalis, I had to manually create events from my roster to reflect my actual schedule on Google Calendar. For a software engineer, this is a pain in the ass. Thus, synchronizing our platform with Google Calendar become my first must-have feature to build. Objectives (left) When an instructor is assigned,.. (right) an event is created automatically. What I want: any block assignment should triggers a event creation/update in the assignee’s Google Calendar; the event should also be deleted following any removal of block Implementation Since we are using GraphQL, adding a hook into my Resolver is all I have to do. Whenever a Block is mutated, the logic to update the corresponding Google Calendar event is then triggered. Challenges The requirements are straightforward, consuming Google APIs is not! My main challenges were: set up service account for and properly validating it; domain-wide delegation consuming improperly documented and . google-auth-library-nodejs google-apis-client-nodejs Challenge #1: Validating My Service Account w/ Domain-wide Authority Google provides an authentication mechanism for server-to-server application using . A service account is an account representing an application instead of an individual user. It allows our application to work with its own data on Google instead of users’ data. However, with domain-wide delegation, we can grant our service account access to members’ data in the organization (provided you are using G-suite). Following , we granted our service account proper privilege to access calendars in the organization service account this guide When everything is set (or at least what I think it is), I’d love to validate it. I leaned towards writing code to test if my service account could properly access and mutate our Google Calendar data. Hence, I dived into the documentation of , trying to produce the dumbest code in Node that could read my own calendar, but to no avail. google-auth-library-nodejs After several attempts in Node, I decided to try my credentials using Google’s . Using , I managed to read my calendar list with several lines of code within a few minutes Python library this guide google.oauth2 service_account googleapiclient.discovery build SCOPES = [ ] SERVICE_ACCOUNT_FILE = credentials = service_account.Credentials.from_service_account_file(SERVICE_ACCOUNT_FILE, scopes=SCOPES) delegated_credentials = credentials.with_subject( ) service = build( , , credentials=delegated_credentials) print(service.calendarList().list().execute()) from import from import 'https://www.googleapis.com/auth/calendar' './xxxxxxxxxxxx.json' # You should make it an environment variable 'melvin@xxxxxxxx.xx' 'calendar' 'v3' > Accessing calendar data with delegated credentials in Python Up to this point, I know my service account is properly set up! Challenge #2: Consulting Non-existent Documentation Here comes the problem. My service account works, but I can’t seem to find anything related to delegated credential in . To access everyone’s calendar, I needed to set up delegated credentials like how I would do in Python. google-auth-library-nodejs The best documentation is sometimes the code itself. I opened up the source code of , and found the code that enables delegated credentials, which is by setting the subject property. However, I didn’t seem to find any related keyword in the . Therefore, I went through the source code of and eventually figured out how to create delegated credentials in Node. Google’s Python client lib Node client docs google-auth-library-nodejs google = ( ).google; calendar = google.calendar( ); ( { scopes = [ ]; keyFile = ; client = google.auth.getClient({ keyFile, scopes, }); client.subject = ; res = calendar.calendarList.list({ : client }); .log( .stringify(res.data)); })(); const require "googleapis" const "v3" async ( ) function const 'https://www.googleapis.com/auth/calendar' const './xxxxxxxxxxx.json' // Your should make it an environment variable const await // Delegated Credential "melvin@xxxxxxxxx.xx" const await auth console JSON > Accessing calendar list with delegated credential in Node I wasted a few hours trying to figure that out and I’m pretty sure the code I wrote wasn’t the best. Hence, I filed an , and hopefully the community would guide us the proper way of using delegated credentials. issue on their GitHub Lesson Of The Journey I set an expectation after understanding various authentication mechanism available given their complete step-by-step guide. The documentation of the library is however less anticipated. As a software engineer, keeping documentation updated is perhaps one of the ways to keep users from frustration.