OAuth 2.0 to access Google APIs

Shivam Garg
6 min read · Mar 4, 2021

How to access Google APIs by using OAuth 2.0

What is actually happening?

The flow is three round trips between your application and Google:

  1. You send the user to Google asking for an authorization code; a consent window appears, where the user allows your application to use the requested Google APIs on her account.
  2. Google redirects the user back to you with a code.
  3. You use that code to request a token.
  4. Google returns you the tokens.
  5. You use the access token to call the APIs.
  6. You get the response.

How to use OAuth in your application?

The first thing to do is to register your application in the Google API console. Never registered an app? Don't worry, here is how to do that.

# Create A Project

  1. Open the Google API console, find the "Select a project" button in the top bar, then NEW PROJECT. Type in your project name and hit Create. Any projects you created previously will be listed under "No organization"; if you have created an organization, you will need to move them into it in settings.

# API Library

  1. You'll be redirected to a window that says Welcome to the API Library. Here you select and enable the APIs you are going to use in this project.

# Configure Consent Screen

You now need to configure the consent screen. What's the consent screen? It is the screen where a user gives her consent for the application to use her Google account. That access is limited to the scopes you request.

  1. On the first page, you'll be asked basic details like a support email and the app name.
  2. The second page concerns scopes, or permissions. Here you can choose from the APIs you enabled before. I refer to the OAuth 2.0 Scopes for Google APIs page to find out which scope my app needs. Request the narrowest scope that does the job: the user sees every scope on the consent screen, and sensitive scopes need Google's verification before the app can leave testing.
  3. The third screen concerns test users. Add test users to your application here; the count is limited, and while the app is in testing only those accounts can complete the consent flow.
  4. The fourth screen just summarizes everything. Then publish your app.

# Configure Credentials

Now you'll need to create credentials. You can do that by visiting Credentials, clicking Create Credentials and selecting OAuth client ID. Most Google APIs that touch user data only work with OAuth, so don't bother creating an API key kind of credential for this.

  1. Configure your application type. If you chose Web application, you need to provide authorized JavaScript origins and authorized redirect URIs. Later on, the authorization code will be returned as query parameters on the redirect URI. Google only redirects to a URI that exactly matches one registered here, so a typo (http vs https, a trailing slash, a different port) shows up as a redirect_uri_mismatch error.
  2. It will give you a Client ID and a Client Secret. You'll use them when exchanging the code for tokens, not on the API calls themselves. The client secret must stay on your server; never ship it in a browser or mobile app.

So now that you have created credentials and configured the consent screen, your app is registered on the Google API console. This is the time to make some API calls! But wait, you do know how to write an API call, right? Well, you must.

# Okay, so the first thing to do is to request the code. Now, what is the code? The code is a short-lived, single-use authorization code that your application trades for tokens to access the user's Google account. How will you be doing that?

By redirecting the user to https://accounts.google.com/o/oauth2/v2/auth with the request options (client_id, redirect_uri, response_type=code, scope, and a random state value) as query parameters. Add access_type=offline if you want a refresh_token in the token response; without it Google hands back an access token only. The state value is a per-login random string you keep in the user's session and compare when the user comes back; it stops an attacker from feeding your callback a code from a session they control.

This will present the user with the consent screen, where they give the application permission to use their Google account.

Then the Google server redirects to your redirect URI with either an error or the code, along with the granted scope (and your state) as query parameters. Example: http://localhost:8000/?code=4/P7q7W91aoMsCeLvIaQm6bTrgtp7&scope=https://www.googleapis.com/auth/fitness.sleep.read
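To make the code request concrete, here is an added example (not code from the original article) that builds the authorization URL with a state value and a PKCE challenge, and then validates the redirect that comes back. The endpoint and parameter names are Google's; the client_id, redirect_uri and scope values are placeholders you replace with your own.

```python
# Added example (not the article's code): build the Google authorization URL
# with state + PKCE, and validate the redirect that carries the code back.
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"


def make_pkce_pair():
    """Return (code_verifier, code_challenge) using the S256 method of RFC 7636.

    The verifier stays in the user's session; only the challenge goes in the URL.
    """
    verifier = secrets.token_urlsafe(64)  # 86 URL-safe chars, inside the 43..128 limit
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_auth_url(client_id, redirect_uri, scopes, state, code_challenge, offline=True):
    """Build the URL the user is sent to for the consent screen.

    state: random per-login value stored in the user's session. Google echoes it on
    the redirect, so a callback whose state we never issued can be rejected.
    code_challenge: PKCE challenge; its verifier is sent with the code in the token
    request, so a code lifted from the redirect cannot be redeemed on its own.
    offline: adds access_type=offline, which is what makes Google include a
    refresh_token in the token response.
    """
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # must exactly match a registered redirect URI
        "response_type": "code",
        "scope": " ".join(scopes),  # space-separated list of scope URIs
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    if offline:
        params["access_type"] = "offline"
    return AUTH_ENDPOINT + "?" + urlencode(params)


def parse_callback(redirect_url, expected_state):
    """Pull the authorization code out of the redirect URL Google sent the user to.

    Returns (code, granted_scopes). Raises ValueError when state is missing or does
    not match, when Google reported an error, or when no single code is present.
    State is checked first: even an error response with the wrong state is untrusted.
    """
    query = parse_qs(urlparse(redirect_url).query)
    state = query.get("state", [None])[0]
    if state is None or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("callback did not carry exactly one code")
    return codes[0], query.get("scope", [""])[0].split()


if __name__ == "__main__":
    # Placeholder values; replace with your own client_id and registered redirect URI.
    state = secrets.token_urlsafe(32)
    verifier, challenge = make_pkce_pair()
    print(build_auth_url("YOUR_CLIENT_ID.apps.googleusercontent.com",
                         "http://localhost:8000/",
                         ["https://www.googleapis.com/auth/fitness.sleep.read"],
                         state, challenge))
```

The scope list that `parse_callback` returns is what the user actually granted, which can be less than what you asked for; compare it with the requested scopes before assuming the API calls that depend on them will succeed.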

# I am hoping that you have extracted the code from the URL. You'll now use this code to request the token.

You need to make a POST request to https://oauth2.googleapis.com/token with the header Content-Type: application/x-www-form-urlencoded.

The form body must contain the code that we got from the previous call, the client_id and client_secret that we got from the Google API console, the redirect_uri (the same one used in the authorization request), and the grant_type.

The grant type specifies what kind of credential is being traded for the access token to the user's data. Here I am using an authorization code to get the access token, hence grant_type=authorization_code. Do this exchange from your server: it carries the client secret, and the code itself is single-use, so a second attempt with the same code fails with invalid_grant.

This will return a JSON response containing access_token, expires_in (the lifetime in seconds, normally 3600), token_type (Bearer), the granted scope, and, if you asked for access_type=offline, a refresh_token.

Now you can call Google APIs by sending this access_token in the Authorization: Bearer header of each request.

# What to do when your access token expires?

Well, you can repeat the whole process of asking for a code, the user giving her consent on the consent screen, and then the POST request to get the token, and after these tiring calls you get your access token. Or instead, you can use the refresh_token to ask for a new access_token. How will you do that?

You need to make a POST request to the same URL, https://oauth2.googleapis.com/token, with the same headers but a slightly changed body.

The form body must contain the refresh_token (which we got along with the access_token when using the authorization code), the client_id and client_secret from the Google API console, and the grant_type. No code and no redirect_uri are needed for this grant.

Here I am using the refresh_token to get the access_token, hence grant_type=refresh_token.

The response you get this time is a bit different, but it contains your access_token and a fresh expires_in. There won't be a refresh_token in this response, so keep the original refresh_token safe: store it encrypted on the server side, since whoever holds it can mint access tokens for this user until it is revoked.

# Revoking the token

The access token's lifetime comes with it as expires_in. The refresh_token has no fixed expiry, but it does become invalid when the user revokes it, when it has gone unused for six months, while the app's publishing status is still Testing (seven days), or when the user has more than 50 live refresh tokens for your client. So give your user some functionality to revoke her token, and handle an invalid_grant error on refresh by sending her back through the consent flow.

Both the access_token and the refresh_token can be revoked with a POST to https://oauth2.googleapis.com/revoke?token={token} (Content-Type: application/x-www-form-urlencoded). A 200 status means the token was revoked; a 400 with invalid_token means it was already invalid.

This token can be either an access_token or a refresh_token. If the token passed is an access token and it has a corresponding refresh token, the refresh token will also be revoked.
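Putting the token exchange, the refresh and the revocation sections together, here is an added example (not the article's code) of a small token holder that trades the code for tokens, refreshes the access token shortly before it expires, and revokes the grant. The endpoints and form field names are Google's; the HTTP call goes through an assumed `post(url, form)` callable so the logic can be exercised offline with a stub, with a urllib implementation as the default for real use.

```python
# Added example (not the article's code): Google OAuth token exchange, refresh
# and revocation with an injectable HTTP `post` so the logic runs offline.
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
REVOKE_ENDPOINT = "https://oauth2.googleapis.com/revoke"


def _decode(raw):
    """Parse a JSON body; revoke answers may be empty, so tolerate that."""
    try:
        return json.loads(raw) if raw else {}
    except ValueError:
        return {}


def urllib_post(url, form):
    """POST application/x-www-form-urlencoded; return (status, body_dict)."""
    data = urllib.parse.urlencode(form).encode("ascii")
    req = urllib.request.Request(url, data=data, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, _decode(resp.read())
    except urllib.error.HTTPError as err:  # 400 invalid_grant etc. land here
        return err.code, _decode(err.read())


class GoogleTokens:
    """One user's tokens plus the logic that keeps the access token usable."""

    SKEW = 60  # refresh this many seconds early: clock skew and request latency

    def __init__(self, client_id, client_secret, redirect_uri,
                 post=urllib_post, clock=time.time):
        self.client_id = client_id
        self.client_secret = client_secret  # server-side only, never in a browser
        self.redirect_uri = redirect_uri
        self.post, self.clock = post, clock
        self.access_token, self.refresh_token, self.expires_at = None, None, 0.0

    def _store(self, body):
        self.access_token = body["access_token"]
        self.expires_at = self.clock() + float(body.get("expires_in", 0))
        # refresh_token comes only on the first authorization (access_type=offline);
        # refresh responses omit it, so keep the one we already hold.
        if "refresh_token" in body:
            self.refresh_token = body["refresh_token"]

    def exchange_code(self, code, code_verifier=None):
        """grant_type=authorization_code: trade the single-use code for tokens."""
        form = {"code": code, "client_id": self.client_id,
                "client_secret": self.client_secret,
                "redirect_uri": self.redirect_uri,  # same as in the auth request
                "grant_type": "authorization_code"}
        if code_verifier:
            form["code_verifier"] = code_verifier  # PKCE, if a challenge was sent
        status, body = self.post(TOKEN_ENDPOINT, form)
        if status != 200:
            raise RuntimeError("code exchange failed: %s" % body.get("error"))
        self._store(body)
        return self.access_token

    def refresh(self):
        """grant_type=refresh_token: no code and no redirect_uri needed."""
        if not self.refresh_token:
            raise RuntimeError("no refresh_token: run the consent flow again")
        form = {"refresh_token": self.refresh_token, "client_id": self.client_id,
                "client_secret": self.client_secret, "grant_type": "refresh_token"}
        status, body = self.post(TOKEN_ENDPOINT, form)
        if status != 200:
            # invalid_grant: token revoked or expired; only a new consent flow helps.
            raise RuntimeError("refresh failed: %s" % body.get("error"))
        self._store(body)
        return self.access_token

    def get_access_token(self):
        """Return an access token, refreshing when within SKEW seconds of expiry."""
        if self.access_token is None or self.clock() >= self.expires_at - self.SKEW:
            self.refresh()
        return self.access_token

    def revoke(self):
        """Revoke the grant; prefer the refresh token, the long-lived credential."""
        token = self.refresh_token or self.access_token
        status, body = self.post(REVOKE_ENDPOINT, {"token": token})
        self.access_token, self.refresh_token, self.expires_at = None, None, 0.0
        if status != 200:  # 400 invalid_token: already revoked or never valid
            raise RuntimeError("revoke failed: %s" % body.get("error"))
        return True
```

Call `get_access_token()` before every API request rather than caching the string yourself: it hands back the current token while it is fresh and transparently refreshes within the skew window, and a `RuntimeError` from it means the grant is gone and the user has to consent again.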
