Google authentication for Hubot and Slack.
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

Hubot-Slack Google Auth

Allows Slack users to authenticate with Google APIs using OAuth 2.0. This script is not meant to be used directly (it only has 1 command, for destroying a user's credentials), but provides an easy interface for other scripts to get an oauth2 client to be used with other Google APIs.


Create a new project in the Google Developers Console and add a new web application client ID. The redirect URI for the application should be <public web address of your hubot instance>/google/auth/callback The following environment variables must be set:

  • HUBOT_GOOGLE_SITE_VERIFICATION: When adding a push domain, Google requires you to verify you own the domain using Webmaster Tools. For convenience, you can set this env variable and the script will create the required HTML page that google checks.
  • HUBOT_URL: Public URL where your hubot instance is running. Used for the OAuth redirect URI.
  • HUBOT_GOOGLE_SCOPES: Comma-separated list of additional scopes (beyond the basic user info ones) needed when a user authenticates. For example, if using the calendar script you would need


This script is meant to be used by other scripts that respond to user commands, and as such there is really no "log in to google" command. Rather, it works by prompting the user to log in when they issue the first command that requires authentication and storing the access token and refresh token in the hubot brain.

To use in a script, just emit the google:authenticate event with the user (or message) and a callback that takes an error and oauth client:

robot.respond(/create(me )?( an)? event (.*)/i, function(msg) {
  robot.emit('google:authenticate', msg, function(err, oauth) {
    .events.quickAdd({ auth: oauth }, function(err, event) {
      // ...

The callback will be called immediately if the user is already authenticated, or after the user logs in if they aren't. It will also handle refreshing the access token if necessary.