Episode 543: Easy Management of Mailing List by Cooperating with Google Group

Sunday, July 9, 2017

Information sharing by email

Mailing lists are useful.

They are used in many organizations on a daily basis, for example for "information sharing" within the organization or for "information announcements" to customers. In quite a few cases, however, the "maintenance work" on the list is neglected.
  • Delivering to people who should not receive the email (Information leakage?)
  • Not delivered to people who should receive the email (Typical tragedy on newcomers?)
This kind of situation is probably occurring all over the world.

Automatic addition of Subscriber

The following Business Process definition is "Information material request correspondence flow".

This Workflow is initiated by a customer's request via the Web. When the requested Issue reaches the automatic Step "Add to Subscriber", the "customer's email address" is automatically added to the mailing list (Google Group).

Such automation not only saves the G Suite administrator the trouble of opening the management screen and copying the data manually, but also helps prevent trouble caused by setting mistakes and lost time. Moreover, it provides an "address addition history record", which was difficult to keep with manual setting.

[Information Material Request Correspondence]

[Information Material Request Correspondence:"1. Material sending" screen]

Behavior of automatic Step

This automatic Step is referred to as a "Service Task". It lets the Workflow Step run unattended through settings alone (server-side processing).

* In this example, "addon service process" is used instead of "standard Service Task". You need to import the definition file (Addon-XML) beforehand.

When the Issue arrives at the automatic Step ("Add to Subscriber" in the above figure), processing is carried out according to the definition file. In this example, the "Email address" entered by the customer is sent by POST (an OAuth2 request) to "Google Group" (strictly, the "Admin SDK Directory API") and is automatically added as a "Member".

[Codes in Definition file]
<?xml version="1.0" encoding="UTF-8"?><service-task-definition>

<label>Google Group member add</label>
<label locale="ja">Google Group メンバー追加</label>

<summary>1. Get Secret: https://console.developers.google.com/apis/dashboard
2. Manage Domain: https://admin.google.com/ManageOauthClients
3. Config [OAuth 2.0 Setting]</summary>

<help-page-url locale="ja">https://www.questetra.com/ja/tour/m4/m415/addon-googlegroup-member-add</help-page-url>

<configs>
  <config name="conf_OAuth2" required="true" form-type="TEXTFIELD">
    <label>A: Set OAuth2 Config Name (at [OAuth 2.0 Setting])</label>
    <label locale="ja">A: OAuth2通信許可設定名 (←[OAuth 2.0 設定])</label>
  </config>
  <config name="conf_DataIdB" required="true" form-type="SELECT" select-data-type="STRING_TEXTFIELD|SELECT_CHECKBOX">
    <label>B: Select STRING/CHECKBOX for Group Address (Non-existent Error)</label>
    <label locale="ja">B: Groupアドレスが格納されている文字列型データorチェックボックス型データを選択してください(存在しない場合、エラー)</label>
  </config>
  <config name="conf_DataIdC" required="true" form-type="SELECT" select-data-type="STRING_TEXTFIELD">
    <label>C: Select STRING DATA for Email to Add</label>
    <label locale="ja">C: 追加するメールアドレスが格納されている文字列型データを選択してください</label>
  </config>
  <config name="conf_DataIdX" required="false" form-type="SELECT" select-data-type="STRING_TEXTAREA">
    <label>X: Select STRING DATA for Access Log (update)</label>
    <label locale="ja">X: 通信ログが格納される文字列型データを選択してください (更新)</label>
  </config>
</configs>

<script><![CDATA[
// Google Group member add via Admin SDK Directory API (ver. 20170703)
// (c) 2017, Questetra, Inc. (the MIT License)

//// == Config Retrieving ==
var oauth2  = configs.get( "conf_OAuth2" ) + "";
var dataIdB = configs.get( "conf_DataIdB" ); // (returns key)
var dataIdC = configs.get( "conf_DataIdC" ); // (returns key)
var dataIdX = configs.get( "conf_DataIdX" ); // (returns key)

//// == Data Retrieving ==
var targetGroups = [];
var dataDefB = engine.findDataDefinitionByNumber( dataIdB );
if( dataDefB.matchDataType("SELECT_CHECKBOX") ){
  // Checkbox data: one group address per selected choice
  var selectedGroups = data.get( dataIdB );
  for( var i = 0; i < selectedGroups.size(); i++ ){ // java.util.ArrayList
    var pushGroup = selectedGroups.get(i).getValue() + "";
    targetGroups.push( pushGroup );
  }
} else {
  // String data: a single group address
  var pushGroup = data.get( dataIdB ) + "";
  targetGroups.push( pushGroup );
}
var memberEmail = data.get( dataIdC ) + "";

//// == Calculating ==
var accessLog = "";
var token = httpClient.getOAuth2Token( oauth2 );

// One POST per target group; status code and response body go to the access log
for( var i = 0; i < targetGroups.length; i++  ){ // javascript array
  var uri = "https://www.googleapis.com/admin/directory/v1/groups/" + targetGroups[i] + "/members";
  var requestObj = {};
  requestObj.email = memberEmail;
  requestObj.role = "MEMBER";
  var response = httpClient.begin()
    .bearer( token )
    .body( JSON.stringify( requestObj ), "application/json" )
    .post( uri );
  accessLog += "---POST request--- " + response.getStatusCode() + "\n";
  accessLog += response.getResponseAsString() + "\n";
}

//// == Data Updating ==
if( dataIdX !== "" ){
  retVal.put( dataIdX, accessLog );
}
]]></script>

</service-task-definition>


What an administrator should pay attention to

"Service Task" is easily available by importing the definition file (Addon-XML).

If you cannot find a "Service Task" that matches the processing your company requires, you can modify an existing definition file or use one prepared by a third party.

* In fact, there are countless patterns of Service Tasks that send requests to Cloud APIs.

However, this example, for instance, defines communication with "Admin SDK Directory API v1" (*), the management API for the entire G Suite domain. Even though the operation scope is limited to "admin.directory.group.member", a malicious programmer could revise it into code that automatically adds the address of a public email newsletter or an address used for information gathering.

Therefore, it is necessary to use a "Service Task" definition file that has been created by a trusted developer.
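
One way to screen a definition file before importing it, as an added example (not Questetra's code): the Node.js script below extracts the script section of an Addon-XML and reports hosts outside an allowlist, hard-coded email addresses, and an unexpected number of HTTP requests. ALLOWED_HOSTS, wrap() and both sample scripts are constructed for illustration.

```javascript
// Added example: static review of an Addon-XML definition before import.
// ALLOWED_HOSTS, wrap() and both samples are constructed for illustration.
const ALLOWED_HOSTS = new Set(["www.googleapis.com"]);

function extractScript(xml) {
  const m = /<script>\s*<!\[CDATA\[([\s\S]*?)\]\]>\s*<\/script>/.exec(xml);
  return m ? m[1] : "";
}

// Heuristic comment removal; "://" inside URLs is left intact.
function stripComments(js) {
  return js.replace(/\/\*[\s\S]*?\*\//g, "").replace(/(^|[^:])\/\/.*$/gm, "$1");
}

function auditDefinition(xml, expectedRequests = 1) {
  const code = stripComments(extractScript(xml));
  if (!code.trim()) return ["no <script> CDATA section found"];
  const findings = [];
  const hosts = new Set();
  for (const m of code.matchAll(/https?:\/\/([A-Za-z0-9.-]+)/g)) hosts.add(m[1].toLowerCase());
  for (const h of hosts) {
    if (!ALLOWED_HOSTS.has(h)) findings.push("unexpected host: " + h);
  }
  // The reviewed script reads the address from workflow data, so any literal is suspect.
  for (const m of code.matchAll(/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g)) {
    findings.push("hard-coded address: " + m[0]);
  }
  const requests = (code.match(/httpClient\s*\.\s*begin\s*\(/g) || []).length;
  if (requests !== expectedRequests) {
    findings.push(requests + " HTTP requests built, expected " + expectedRequests);
  }
  return findings;
}

const wrap = (js) =>
  "<service-task-definition><script><![CDATA[\n" + js + "\n]]></script></service-task-definition>";

const CLEAN_JS = `// (c) sample, see http://example.org/license
var uri = "https://www.googleapis.com/admin/directory/v1/groups/" + group + "/members";
requestObj.email = memberEmail;
var response = httpClient.begin().bearer( token )
  .body( JSON.stringify( requestObj ), "application/json" ).post( uri );`;
// Same script with one extra request that enrolls a fixed address.
const TAMPERED_JS = CLEAN_JS + `
httpClient.begin().bearer( token )
  .body( JSON.stringify( { email: "collector@example.net", role: "MEMBER" } ), "application/json" ).post( uri );`;

console.log(auditDefinition(wrap(CLEAN_JS)));
console.log(auditDefinition(wrap(TAMPERED_JS)));
```

An empty result is only a first filter: the script section still needs a line-by-line read, and any later change to the file should be diffed against the reviewed copy.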

* For system settings, the "Provisioning API" used to be used. In G Suite (Google Apps) it was widely used from the beginning of service provisioning in 2006 until it was abolished in April 2015.

<OAuth 2.0 communication permission settings to make in advance>
1. Google Developers Console settings
Access the Dashboard (https://console.developers.google.com/apis/dashboard), enable [Admin SDK Directory API], then obtain the "Client ID" and "Client secret".
  • Application type: Web application
  • Authorized Redirect URI: https://s.questetra.net/oauth2callback

2. G Suite system setting
Go to "Advanced Settings> Authentication> Manage API client access" (https://admin.google.com/ManageOauthClients) on the domain administration screen, and authorize the "Client ID" and its communication scope.
  • Client ID: (Obtained at Google Developers Console)
  • Scope: https://www.googleapis.com/auth/admin.directory.group.member

3. Questetra's Workflow App Communication settings
Set up [OAuth 2.0 Setting] and retrieve the refresh token.
  • Name: arbitrary
  • Authorization Endpoint URL: https://accounts.google.com/o/oauth2/auth?access_type=offline&approval_prompt=force (Google standard)
  • Token Endpoint URL: https://accounts.google.com/o/oauth2/token (Google standard)
  • Scope: https://www.googleapis.com/auth/admin.directory.group.member
  • Client ID: (Obtained at Google Developers Console)
  • Consumer Secret: (Obtained at Google Developers Console)

[Modeling movie]

[Data Items list]
