Hello Everyone.
For a specific project aimed at managing schedules via Google Calendar, I had to create a Tryton module that allows the creation of credentials to authenticate with the Google platform.
Proposal
Motivation
Many businesses using Tryton require integration with Google Workspace services. Currently, thereβs no standardized way to authenticate and interact with Google APIs within Tryton. This module aims to fill that gap by providing:
- A reusable OAuth2 authentication framework
- Secure credential management
- An extensible architecture for multiple Google services
- A reference implementation with Google Calendar
Features
Core Capabilities
1. OAuth2 Authentication Flow
- Full OAuth2 implementation with PKCE (Proof Key for Code Exchange) for enhanced security
- Automatic token refresh handling
- Custom WSGI route for OAuth callback handling
2. Credential Management
The module implements a comprehensive state machine for managing Google credentials:
without_authorization- Initial state, no authorization requestedauthorization_pending- Authorization URL generated, awaiting user consentauthorized- Successfully authenticated with valid tokensauthorization_expired- Tokens expired or revoked, re-authorization needed
3. User Interface
- Intuitive form interface with three main tabs:
- Configuration: OAuth client credentials setup (Client ID, Secret, Redirect URI)
- Authentication: Authorization flow management with clickable authorization URL
- Synchronization: Sync status and control panel
- Tree view for managing multiple credential sets
- One-click authorization button that generates the OAuth URL
4. Extensible Architecture
- Abstract base class (
GoogleService) for implementing different Google services - Template Method pattern for consistent service integration
- Easy to extend with additional Google APIs (Drive, Gmail, Contacts, etc.)
Architecture & Design
Module Structure
google_integration/
βββ __init__.py # Module registration
βββ credentials.py # GoogleCredentials model
βββ google_service.py # Abstract base class
βββ google_calendar.py # Calendar service implementation
βββ routes.py # OAuth callback handler
βββ credentials.xml # Views and menu definitions
βββ view/
β βββ google_credential_form.xml
β βββ google_credential_list.xml
βββ tests/
β βββ __init__.py
β βββ test_module.py
β βββ test_module_api.py
β βββ test_scenario.py
βββ doc/ # Documentation structure
βββ tryton.cfg # Module configuration
βββ setup.py # Package setup
Database Schema
The module introduces one main model: google_integration.google_credentials
Fields:
- Configuration:
name,client_id,client_secret,redirect_uri - OAuth Flow:
oauth_state,code_verifier,authorization_url - Tokens:
access_token,refresh_token,token_expiry - Synchronization:
sync_enabled,last_sync - State: Current authorization status (selection field)
Methods:
get_credentials()- Returns Google Credentials object for API authenticationrequest_authorization()- Initiates OAuth2 flow (button method)refresh_credentials()- Refreshes expired access tokens
Custom Routes
The module registers a custom WSGI route:
- Route:
/<database_name>/google/callback - Method: GET
- Purpose: Handles OAuth2 callback from Google
- Security: State validation, transaction context with system user
- Response: User-friendly HTML confirmation page
Use Cases
-
Calendar Synchronization
- Sync Tryton events with Google Calendar
- Two-way synchronization of appointments
- Team calendar management
-
Document Management (future)
- Store Tryton attachments in Google Drive
- Share documents with customers/suppliers
- Collaborative document editing
-
Email Integration (future)
- Send emails through Gmail API
- Track email communications
- Automated email responses
-
Contact Synchronization (future)
- Sync Tryton parties with Google Contacts
- Mobile access to business contacts
- Unified contact management
-
Multi-Service Integration
- Single credential set for multiple Google services
- Centralized permission management
- Consistent authentication across services