feat: Gmail OAuth - Connect with Google for individual org accounts #9

New Issue

MrUnknownDE · 2026-04-05T16:16:09+02:00

MrUnknownDE commented

2026-04-05 16:16:09 +02:00

Originally created by @benzntech on 3/19/2026

Summary

Adds google_oauth as a new ingestion provider type for individual Gmail organizational accounts
Introduces GoogleOAuthCredentials type (email, accessToken, refreshToken) alongside the existing google_workspace service-account provider — no breaking changes
Includes full RapidSpec proposal, tasks, investigation, research, and spec delta in rapidspec/changes/gmail-oauth-connect/

Problem

Connecting a Gmail account currently requires pasting a raw Google Service Account JSON blob + an admin email — a highly technical process that breaks the UX expectations of modern users.

Solution

A new google_oauth provider that lets individual users click "Connect with Google", complete a standard OAuth consent flow, and have their mailbox added automatically. No manual credential fields.

OAuth Flow

User clicks "Connect with Google"
  → GET /api/v1/oauth/google/authorize (authenticated)
  → Redirect to Google consent screen (gmail.readonly + userinfo.email)
  → GET /api/v1/oauth/google/callback
  → Exchange code → store tokens → create IngestionSource
  → Redirect to /dashboard/ingestions

What's in this PR

packages/types/src/ingestion.types.ts — GoogleOAuthCredentials interface + google_oauth in provider union
rapidspec/changes/gmail-oauth-connect/ — full proposal spec (implementation continues in follow-up PRs)

Test plan

pnpm build passes with updated types
Remaining implementation tasks tracked in rapidspec/changes/gmail-oauth-connect/tasks.md

*Originally created by @benzntech on 3/19/2026* ## Summary - Adds `google_oauth` as a new ingestion provider type for individual Gmail organizational accounts - Introduces `GoogleOAuthCredentials` type (`email`, `accessToken`, `refreshToken`) alongside the existing `google_workspace` service-account provider — no breaking changes - Includes full RapidSpec proposal, tasks, investigation, research, and spec delta in `rapidspec/changes/gmail-oauth-connect/` ## Problem Connecting a Gmail account currently requires pasting a raw Google Service Account JSON blob + an admin email — a highly technical process that breaks the UX expectations of modern users. ## Solution A new `google_oauth` provider that lets individual users click **"Connect with Google"**, complete a standard OAuth consent flow, and have their mailbox added automatically. No manual credential fields. ## OAuth Flow ``` User clicks "Connect with Google" → GET /api/v1/oauth/google/authorize (authenticated) → Redirect to Google consent screen (gmail.readonly + userinfo.email) → GET /api/v1/oauth/google/callback → Exchange code → store tokens → create IngestionSource → Redirect to /dashboard/ingestions ``` ## What's in this PR - `packages/types/src/ingestion.types.ts` — `GoogleOAuthCredentials` interface + `google_oauth` in provider union - `rapidspec/changes/gmail-oauth-connect/` — full proposal spec (implementation continues in follow-up PRs) ## Test plan - [ ] `pnpm build` passes with updated types - [ ] Remaining implementation tasks tracked in `rapidspec/changes/gmail-oauth-connect/tasks.md`

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/OpenArchiver#9