aclements · rsc · Feb 13, 2025
diff --git a/minutes3/README.md b/minutes3/README.md
@@ -2,28 +2,23 @@
 
 Go to https://console.developers.google.com/.
 
-Create a new GCP project. I called mine `proposal-minutes`.
-
-Configure the OAuth consent screen: Go to APIs & Services > OAuth consent
-screen. Select "Internal" and click "Create". Enter an app name. I called it
-`proposal-minutes`. Fill in other required fields, though most can be left
-blank. Click "Save and continue". You don't need to add any scopes. Click "Save
-and continue".
-
-Enable Google Sheets: Go to APIs & Services > Enabled APIs and Services. Click
-"Enable APIs and Services". Search for the "Google Sheets API" and enable it.
-
-Create OAuth credentials: Go to APIs & Services > Credentials. Click Create
-Credentials > OAuth client ID. Select "Desktop app", give it a name (I used
-`proposal-minutes`, again), and click Create. On the next screen, click
-"Download JSON" and save this file as `~/.config/proposal-minutes/gdoc.json`.
-
-Enable write scope for spreadsheets: Go to APIs & Services > OAuth consent
-screen > Data Access and click "Add or remove scopes". Add the
-`https://www.googleapis.com/auth/spreadsheets` scope, either by finding it in
-the table of known scopes or by manually entering it. Click "Update". Finally,
-click "Save" on the Data Access page. (Note: If you already had a cached OAuth
-token, you'll have to delete it.)
+- Create a new GCP project, or use an existing one. I called mine `proposal-minutes`.
+- Go to IAM & Admin > Service Acccounts.
+- Click "+ Create Service Account".
+- Enter a service account name (I used `proposal-minutes`).
+- Enter a description, like `proposal minutes bot`
+- Click "Create and Continue"
+- Skip the "Grant this service account access to project". Click "Continue"
+- Skip the "Grant users access to this service account". Click "Continue".
+- Back at the Service Accounts screen, click on the email address for the new service account,
+  bringing up the "Service account details" page.
+- Click the "Keys" tab.
+- Click "Add Key", then "Create New Key", then "JSON", then "Continue".
+- Copy the downloaded file to to `~/.config/proposal-minutes/gdoc-service.json`
+  (use `~/Library/Application Support/proposal-minutes/gdoc-service.json` on a Mac).
+- Go back to the Details tab and copy the email address for the account, something like `[email protected]`.
+
+In the Proposal Minutes v3 spreadsheet, click Share and then add that email address as an editor of the doc.
 
 # Generate GitHub token
 

diff --git a/minutes3/gdoc.go b/minutes3/gdoc.go
@@ -12,6 +12,7 @@ import (
 	"fmt"
 	"io/fs"
 	"log"
+	"net/http"
 	"os"
 	"regexp"
 	"strconv"
@@ -23,6 +24,18 @@ import (
 	"google.golang.org/api/sheets/v4"
 )
 
+func getOAuthClient(scopes []string) *http.Client {
+	data, err := os.ReadFile(getConfig("gdoc-service.json"))
+	if err != nil {
+		log.Fatal(err)
+	}
+	cfg, err := google.JWTConfigFromJSON(data, scopes...)
+	if err != nil {
+		log.Fatal(err)
+	}
+	return cfg.Client(oauth2.NoContext)
+}
+
 func getOAuthConfig(scopes []string) *oauth2.Config {
 	// Read the "client" (application) config.
 	data, err := os.ReadFile(getConfig("gdoc.json"))
@@ -92,8 +105,7 @@ func parseDoc(docID string) *Doc {
 			// There's no way to limit this to just one doc! >:(
 			"https://www.googleapis.com/auth/spreadsheets",
 		}
-		config := getOAuthConfig(scopes)
-		client := makeOAuthClient(getCacheDir(), config)
+		client := getOAuthClient(scopes)
 		srv, err := sheets.NewService(context.Background(), option.WithHTTPClient(client))
 		if err != nil {
 			log.Fatalf("Unable to retrieve Docs client: %v", err)