Add google service-accounts user guidance on credential page

[hunterachieng]

Short Description

Improved the Credentials page and Google Sheets/Drive adaptor docs with platform-specific integration user guidance, service account recommendations, and updated credential screenshots.

Closes #742

Details

Adds platform-specific integration user guidance to the Credentials page and relevant Google adaptor pages. The Credentials page now links out to Salesforce and Google Sheets for platform-specific advice rather than duplicating content.

The Google Sheets and Google Drive adaptor pages each gain a "Using a Google Service Account" section covering least-privilege scope recommendations and resource sharing, plus updated screenshots for both OAuth and access token credential types.

AI Usage

Please disclose how you've used AI in this work (it's cool, we just want to
know!):

• I have used Claude Code
• I have used another model
• I have not used AI

You can read more details in our
Responsible AI Policy

[mtuchi]

@hunterachieng this not accurate, the raw access token is the OAuth 2.0 access token, Please revert this back to

Google Drive uses OAuth 2.0 access tokens for API authentication:

[hunterachieng]

@mtuchi I checked how we can add credentials for Google Drive and it uses both OAuth and you can add a raw access token on the creds page

[mtuchi]

@hunterachieng yes it's true you can add raw credential with any adaptor not only googlesheet, Are you saying it's possible to create a long lived access token from google cloud console ?

[hunterachieng]

No, the token only lives for 1 hour. Should I change and only focus on Oauth2?

[mtuchi]

@hunterachieng Yes, i think the way it was before is fine, we can add a foot note saying If you need to test the adaptor locally you, you can generate a 1hour token using gcloud cli

[mtuchi]

Hey @hunterachieng i left some comments in googledrive adaptor can you work on those and see if also you the other adaptor need the same changes

[mtuchi]

Pausing review, we might need to close this pr after all. I just found out that we don't support Service Account type of credential in our Google adaptors.

See my full comment here @hunterachieng #742 (comment)

[mtuchi]

I need @hunterachieng to approve the changes on adaptor firsts before approving this pr
See OpenFn/adaptors#1682

[mtuchi]

Okay i just had a chat with Stu on Gmail service account blocker, There is a bit of complexity on setting up service account permissions to be able to use that type of credential with Gmail adaptor. So for next steps is creating a thorough documentation on supporting service accounts for each google adaptor and highlighting their caveats.

For example with gdrive and googlesheets, the service account needs to have access to the file or folder to be able to use the credential. As for gmail, It only work for google workspace and the workspace admin needs to assign specific permissions to the service account to be able to use the credential.

What i learned from our call is Google is very sensitive when it comes to sending email via an API. So we should keep this in mind when we have to send email using Gmail account especially for local deployments of OpenFn lightning