Documentation - OAuth Client Credentials (internal) available only for G-Suite users

[pbdname]

One of the necessary steps to use this plugin is creating OAuth Client Credentials. The tutorial instructs user to choose "interal" type, but it is (now) available only to G-Suite users. Other Google users can choose only "external" type, which comes with some limitations:

In this mode, your app is available to any user with a Google Account. External apps that request sensitive or restricted user data must first be verified by Google. This process may take 4–6 weeks. In addition, if you selected restricted scopes, you'll need to go through an independent security review, which can cost $15k–$75k.

The documentation should mention in Requirements chapter the need for G-Suite account.

[tsteur]

Thanks @pbdname do you maybe have a link with more information about this where it says it requires a G-Suite account? That be great.

[tsteur]

fyi some screens. It is indeed not possible to select "Internal"

[pbdname]

fyi some screens. It is indeed not possible to select "Internal"

Same for me. As "normal" Google user, I cannot select "internal" and only the popup, that @tsteur posted, is displayed.

[tsteur]

Note:

I just tested it and was able to successfully connect type "external" with Matomo without being "verified". However, while authorizing a user Google was showing this warning which can be skipped:

As maybe no restricted and no sensitive scopes are being requested things might just still work and no long review process is needed. There would then be also no cost.

I couldn't fully test it though because I don't have a GA account.

[sgiehl]

The same actually also applies for SearchPerformance and Advertising plugin. Both also require OAuth consent. But I just created a external OAuth consent with access to SearchConsole API, and with that there isn't any warning shown, seems that only happens with Analytics API

[tsteur]

@sgiehl will we need to update the guides for these 2 plugins to update the type to external?

[tsteur]

@mattab @diosmosis @sgiehl
I just tested the import using Type=External and it worked for me.

I suggest we adjust all those three guides (Importer, Search keywords and Paid Advertising) to use Internal should they have a gsuite account, and External otherwise. We'd also need to mention that we don't require any sensitive or restricted scopes which is why no long verification process (and therefore no cost) will be needed. With external type they may see a warning like this: #114 (comment) but it can be safely ignored.

Would need to document this all. At least that what it looks like for me

[diosmosis]

added to the importer docs:

[diosmosis]

changed "session" to "section" in the docs

[Starker3]

We've updated the guide for creating OAuth credentials here: https://matomo.org/docs/google-analytics-importer/#1-creating-google-oauth-client-config

If anyone would like to test and give us feedback in case anything needs to be changed or improved, that would be very welcome.