Google BigQuery Deployment

Overview

In order to protect your privacy, Google has specific requirements for connecting and allowing applications to access your data. These requirements mean that there are some things you should know, and in server deployments some extra setup steps required, for projects connecting to Google BigQuery.

Local Deployment

This package uses internal resources owned by the “ReviewR” project on Google Cloud Platform. You can see our full privacy policy for how we handle your data (briefly, we only collect aggregate usage information, none of your data sets are revealed or accessible to us). If those terms are acceptable for you, no further configuration is required! However, if you would prefer not to authorize with ReviewR you may bring your own OAuth clientID from a Google Cloud Project of your choice.

To obtain and use your own Google API credentials:

  1. Obtain a Google Cloud Platform Project
  2. Create an OAuth clientID and secret
    • Within the project you created in step 1, head to APIs & Services > Credentials
    • At the top, click Create credentials > OAuth client ID
    • Select “Desktop” as the application type
      • Optionally, provide a name for your Desktop client
    • Click Create
  3. Locate the client ID that was created and click “Download JSON”
    • Save the file as “client_secret.json” to ~/.bq_client_id on Unix based systems or $HOMEPATH$/.bq_client_id/client_secret.json on Windows.

On launch, ReviewR will check the path defined in step 3 above for a client_secret.json file. If found, it will use these credentials instead of the Wiley Lab credentials that have been built into the package. Additionally, you may also run ReviewR::run_app(secrets_json = '/path/to/client_secret.json') if you would prefer to store this file elsewhere.

Server Deployment

If you are using ReviewR on a Shiny Server deployment and intend to connect to data stored in Google BigQuery you must obtain your own Google API credentials. Otherwise, authentication will fail as Google will be unable to determine where to redirect authenticated users. After ReviewR is installed and accessible on a server with a secured fully qualified domain name:

  1. Obtain a Google Cloud Platform Project
  2. Create an OAuth clientID and secret
    • Within the project you created in step 1, head to APIs & Services > Credentials
    • At the top, click Create credentials > OAuth client ID
    • Select “Web application” as the application type
      • Optionally, provide a name for your web application client
    • Add the https URL of your shiny server ReviewR installation to the Authorized redirect URIs section eg: https://your.shinyserver.url/ReviewR
    • Click Create
  3. Locate the client ID that was created and click “Download JSON”
    • Save the file as “client_secret.json”
  4. Upload this file to the following directory on your shiny server:
    • /srv/shiny-server/.bq_client_id
  5. If ReviewR is already installed, simply refresh the browser window.

Additional Reading: (https://gargle.r-lib.org/articles/get-api-credentials.html#get-a-google-cloud-platform-project-1)