Google Slides
Proxy for the Google Slides v1 REST API — the entire API surface:
create_presentation, get_presentation, get_page,
get_page_thumbnail, and batch_update. Dual auth by design, like drive
and calendar:
idp_passthroughmode for human users who want an agent to read or edit presentations they own. Each request carries the caller's own OAuth grant.google_samode (Workspace service account with domain-wide delegation) for headless workflows that read or write shared decks on a fixed identity's behalf.
Overview
Typical uses:
- An agent reads a deck's structure or renders a slide thumbnail to
describe it (
get_presentation,get_page,get_page_thumbnail). - A generation workflow creates a deck and adds slides / inserts text
(
create_presentation, thenbatch_updatewithcreateSlide/insertText).
Two upstream-shape notes specific to Slides:
- No list endpoint. The Slides API can't enumerate presentations;
discover presentation IDs via the Google Drive connector (filter on
mimeType = 'application/vnd.google-apps.presentation'), then operate on the ID here. - Mutations and deletes are
batch_update. Adding/deleting slides and page elements (createSlide,deleteObject,insertText) are request objects onbatch_update; deleting an entire presentation file is the Drive connector's job.
Default policy
The connector ships policy/slides.rego
(package pbac.connectors.identos.google_slides). It enforces:
1. IdP-routing subject obligation
subject_obligations contains obl if {
input.resource.type == "urn:connector:identos:google-slides"
input.connector.upstream_auth.type == "idp_passthrough"
input.subject.idp_provider != "google"
obl := { "type": "require_authn_at", "idp": "google", ... }
}
Same pattern as google-drive/gmail — a caller from a non-Google session gets a step-up obligation before any passthrough Slides call succeeds.
2. blocked_presentation_ids deny (read + write)
A "nuclear" deny: the presentation is off-limits to this connector entirely, reads and writes both blocked. Use it for a sensitive deck the service account can reach but that shouldn't be exposed to LLM-driven workflows.
3. read_only_presentation_ids deny (write only)
Listed presentations allow GET but deny batch_update. Reads still work —
useful for agents that should surface but not edit a shared deck.
Supplying operator data
curl -X PUT http://localhost:8080/admin/policy/data/pbac/operator/connectors/identos.google-slides \
-H "X-Admin-API-Key: $PBAC_ADMIN_API_KEY" \
-d '{
"blocked_presentation_ids": ["1AbcSensitiveDeckId"],
"read_only_presentation_ids": ["1XyzSharedDeckId"]
}'
Scope model
| Scope | Used for | |
|---|---|---|
| PBAC scopes (internal) | slides:read, slides:write | Route authorization |
| Upstream OAuth scopes | presentations | Google-side grant the user consents to (idp_passthrough mode); the service-account flow uses the same scope on the SA |
See Google Workspace: multi-connector setup for how slides' scopes compose with drive, gmail, and calendar on a single Google IdP.
Manifest reference
- ID:
identos.google-slides - Version:
1.0.0 - Resource type:
urn:connector:identos:google-slides
Supported auth modes
| Type | Details |
|---|---|
idp_passthrough | requires IdP google |
google_sa | setup fields: sa_key_env, domain |
Setup fields
| ID | Label | Default | Secret? | Notes |
|---|---|---|---|---|
base_url | API base URL | https://slides.googleapis.com | no | — |
upstream_auth.type | Authentication | idp_passthrough | no | idp_passthrough forwards each user's own Google OAuth token (recommended). google_sa uses a Workspace service account with domain-wide delegation impersonating a fixed user. |
sa_key_env | Service account key | — | yes | Pick a secret containing the service-account JSON. Required only for the google_sa auth mode. / shown when upstream_auth.type == 'google_sa' |
domain | Workspace domain | — | no | placeholder: example.com / Required only for the google_sa auth mode. / shown when upstream_auth.type == 'google_sa' |
Scopes
| Scope |
|---|
slides:read |
slides:write |
Routes
| Method | Pattern | Scope | Resource template |
|---|---|---|---|
POST | /v1/presentations | slides:write | — |
GET | /v1/presentations/{presentation_id} | slides:read | slides://{{presentation_id}} |
GET | /v1/presentations/{presentation_id}/pages/{page_object_id} | slides:read | slides://{{presentation_id}} |
GET | /v1/presentations/{presentation_id}/pages/{page_object_id}/thumbnail | slides:read | slides://{{presentation_id}} |
POST | /v1/presentations/{presentation_id}:batchUpdate | slides:write | slides://{{presentation_id}} |
MCP tools
| Name | Scope | Description |
|---|---|---|
create_presentation | slides:write | Create a new presentation. Pass {"title": "..."}. Add slides afterward with batch_update. |
get_presentation | slides:read | Get a presentation's full structure (slides, layouts, masters, page elements). |
get_page | slides:read | Get a single page (slide) of a presentation by its object ID. |
get_page_thumbnail | slides:read | Get a rendered thumbnail image URL for a single page (slide). |
batch_update | slides:write | Apply one or more updates (createSlide, deleteObject, insertText, replaceAllText, image/shape ops, …) via Slides Request objects. This is also how you DELETE slides/objects. |
Operator data schema
Keys the operator can supply under data.pbac.operator.connectors["identos.google-slides"].* — consumed by the connector's policy.
| Key | Type | Description |
|---|---|---|
blocked_presentation_ids | array | Presentation IDs that are off-limits to this connector — reads and writes both denied. |
read_only_presentation_ids | array | Presentation IDs where batch_update is denied regardless of the caller's scope. Reads still work. |