
Create one or multiple credentials for different projects using OAuth 2.0 client IDs?

I first created a Google API project on Google developer console and configured OAuth 2.0 client IDs as credentials in order to let my C# projects access Google Drive.

However, I'm new to developing with Google APIs, and I am not able to understand when I should create new credentials or projects.

Should I create multiple credentials (maybe one credential for one project?), or is it actually fine to use the same credential for multiple projects? What's the purpose of creating more than one credential?

asked Mar 22 '18 06:03

Tak


1 Answer

If you are creating different applications, then you should create different projects on Google developer console, each with their own set of credentials.

The reason for this is to ensure that you don't run into any issues with quota. It also allows Google to track who is using their data and how much.

You should also consider that when you define your project and create credentials, you are giving it a name. When a user authenticates your application, they are granting access to Super app one to use their data. If you use this client with Super app two, then they won't know who has access to their data.

My personal rules

  1. Each application is a project on Google developer console.
  2. In that project I create a client ID for local, test, and production environments.

Update from comment about project creation quota

My current project quota

You have 37 projects remaining in your quota. Learn more.

You can always request additional projects. Do it early; from what I remember it took a week or so to get them. Project quota requests

Update usage to create multiple credentials for same project then

Like I mentioned before, if you use the same project for credentials on different projects, you are misleading your users. The fields I have marked with arrows denote an APPLICATION; they are specific to the application requesting access. They are part of the project itself. All of the clients created under that project are going to use the same consent screen. If you use it for two different applications, you are IMO misleading the users about which application they are granting access to their data.


You may also be misleading Google, as I believe the TOS requires one project per application making a request, hence the consent screen having application name and link to the application contacts. However, I think I need to read through the TOS doc again to make sure this is a requirement.

You are also more likely to hit quota limits. A lot of the limits are project based, not credential based, so if you have two applications reading from the same API with two different credentials created under the same project, you are going to hit the quota a lot faster than if you had created each application its own project.

Example: Google Analytics example max project request 50000 per day.

Same project

  • Application one requests 20000
  • Application two requests 30000

Both application one and application two are now blocked from making requests for the rest of the day, as they have in total hit 50000 requests.

Two separate projects

  • Application one makes 30000 requests
  • Application two makes 50000 requests.

Application two is now blocked for the rest of the day as it made 50000 requests. Application one continues to work until it has also hit 50000 requests.

answered Oct 07 '22 01:10

DaImTo
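
The answer's two rules (one project per application, one client ID per environment) can be checked mechanically over the client-secrets files an organisation keeps. The following is an added example, not part of the original answer; it assumes the `installed`/`web` JSON layout of the file downloaded from the console, and the application names, client IDs and inventory are constructed.

```python
import json
from collections import defaultdict


def secrets(kind, client_id, project_id):
    """Build a constructed client-secrets document (kind: 'installed' or 'web')."""
    return json.dumps({kind: {"client_id": client_id, "project_id": project_id}})


# Constructed inventory: (application, environment, client-secrets JSON).
SAMPLE = [
    ("super-app-one", "local", secrets("installed", "111-local.apps.googleusercontent.com", "super-app-one")),
    ("super-app-one", "production", secrets("installed", "111-prod.apps.googleusercontent.com", "super-app-one")),
    # A second application borrowing the first application's project.
    ("super-app-two", "production", secrets("web", "111-two.apps.googleusercontent.com", "super-app-one")),
    # One client ID reused for two environments of the same application.
    ("super-app-two", "local", secrets("web", "222-dev.apps.googleusercontent.com", "super-app-two")),
    ("super-app-two", "test", secrets("web", "222-dev.apps.googleusercontent.com", "super-app-two")),
]


def load_client(raw):
    """Return (project_id, client_id) from a client-secrets JSON string."""
    doc = json.loads(raw)
    for kind in ("installed", "web"):
        if kind in doc:
            return doc[kind]["project_id"], doc[kind]["client_id"]
    raise ValueError("not an OAuth client-secrets document")


def audit(inventory):
    """Flag projects shared by several applications and client IDs used more than once."""
    apps_by_project = defaultdict(set)
    uses_by_client = defaultdict(set)
    for app, env, raw in inventory:
        project_id, client_id = load_client(raw)
        apps_by_project[project_id].add(app)
        uses_by_client[client_id].add((app, env))
    findings = []
    for project_id, apps in sorted(apps_by_project.items()):
        if len(apps) > 1:  # shared consent screen and shared project quota
            findings.append(("shared-project", project_id, sorted(apps)))
    for client_id, uses in sorted(uses_by_client.items()):
        if len(uses) > 1:  # environments cannot be revoked or rotated separately
            findings.append(("shared-client", client_id, sorted(uses)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
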