How to use google-api-ruby-client with the Google Calendar API?

Question

I've been reading the docs for the Google Calendar API and the google-api-ruby-client library, but I'm having a lot of trouble understanding them.

I have a Rails application that has a front end that lets users create objects called Events, and it saves them in a database on my server. What I would like is, after these Events are saved in the database, I want to call the Google Calendar API to create an event on a Google Calendar (that the server created, and only the server has access to modify that calendar).

I'm having lots of issues figuring out how to authenticate with the API using the ruby library. It doesn't make sense for me to use OAuth2 because I don't need to authorize anything with the user because I'm not interested in their data. I looked into Service Accounts (http://code.google.com/p/google-api-ruby-client/wiki/ServiceAccounts), but it looks like Google Calendars is not supported by Service Accounts.

Anyone have any ideas? This is the code I was experimenting with (using Service Accounts):

@client = Google::APIClient.new(:key => 'my_api_key')
path_to_key_file = '/somepath/aaaaaa-privatekey.p12'
passphrase = 'my_pass_phrase'
key = Google::APIClient::PKCS12.load_key(path_to_key_file, passphrase)
asserter = Google::APIClient::JWTAsserter.new(
        'blah_blah@developer.gserviceaccount.com',
        'https://www.googleapis.com/auth/calendar',
        key)
# To request an access token, call authorize:
@client.authorization = asserter.authorize()

calendar = @client.discovered_api('calendar', 'v3')

event = {
  'summary' => 'Appointment',
  'location' => 'Somewhere',
  'start' => {
      'dateTime' => '2012-06-03T10:00:00.000-07:00'
   },
   'end' => {
      'dateTime' => '2012-06-03T10:25:00.000-07:00'
    },
    'attendees' => [
        {
          'email' => 'attendeeEmail'
        },
        #...
      ]
   }

result = @client.execute!(:api_method => calendar.events.insert,
                            :parameters => {'calendarId' => 'primary'},
                            :body => JSON.dump(event),
                            :headers => {'Content-Type' => 'application/json'})

Then of course I get this error message: Google::APIClient::ClientError (The user must be signed up for Google Calendar.) because the Service Account does not support Google Calendars.

Answer 1

I was having trouble with this too and finally got a handle on it. The bottom line is that Google Calendar API v3 requires OAuth and you need to setup an App/Project through the Google Developer Console and then request OAuth permission on the target Google account. Once authorization is granted, you'll want to save the refresh token and use it on subsequent calls to get new access tokens (which expire!). I wrote a detailed blog post about this here: http://www.geekytidbits.com/google-calendar-api-from-ruby/ and this is my example script that should hopefully help you understand the flow:

#gem install 'google-api-client'

require 'google/api_client'

#Setup auth client
client_secrets = Google::APIClient::ClientSecrets.load #client_secrets.json must be present in current directory!
auth_client = client_secrets.to_authorization
auth_client.update!(
  :scope => 'https://www.googleapis.com/auth/calendar',
  :access_type => "offline", #will make refresh_token available
  :approval_prompt =>'force',
  :redirect_uri => 'http://www.myauthorizedredirecturl.com'
)

refresh_token_available = File.exist?('refresh_token.txt')

if !refresh_token_available
 #OAuth URL - this is the url that will prompt a Google Account owner to give access to this app.
 puts "Navigate browser to: '#{auth_client.authorization_uri.to_s}' and copy/paste auth code after redirect."

 #Once the authorization_uri (above) is followed and authorization is given, a redirect will be made 
 #to http://www.myauthorizedredirecturl.com (defined above) and include the auth code in the request url.
 print "Auth code: "
 auth_client.code = gets
else 
 #If authorization has already been given and refresh token saved previously, simply set the refresh code here.
 auth_client.refresh_token = File.read('refresh_token.txt')
end

#Now, get our access token which is what we will need to work with the API.
auth_client.fetch_access_token!

if !refresh_token_available
    #Save refresh_token for next time
    #Note: auth_client.refresh_token is only available the first time after OAuth permission is granted.  
    #If you need it again, the Google Account owner would have deauthorize your app and you would have to request access again.
    #Therefore, it is important that the refresh token is saved after authenticating the first time!
    File.open('refresh_token.txt', 'w') { |file| file.write(auth_client.refresh_token) }
    refresh_token_available = true
end

api_client = Google::APIClient.new
cal = api_client.discovered_api('calendar', 'v3')

#Get Event List
puts "Getting list of events..."
list = api_client.execute(:api_method => cal.events.list, 
    :authorization => auth_client,
    :parameters => {
        'maxResults' => 20, 
        'timeMin' => '2014-06-18T03:12:24-00:00', 
        'q' => 'Meeting', 
        'calendarId' => 'primary'})

puts "Fetched #{list.data.items.count} events..."

#Update Event
puts "Updating first event from list..."
update_event = list.data.items[0]
update_event.description = "Updated Description here"
result = api_client.execute(:api_method => cal.events.update, 
    :authorization => auth_client,
    :parameters => { 'calendarId' => 'primary', 'eventId' => update_event.id}, 
    :headers => {'Content-Type' => 'application/json'},
    :body_object => update_event)
puts "Done with update."

#Add New Event
puts "Inserting new event..."
new_event = cal.events.insert.request_schema.new
new_event.start = { 'date' => '2015-01-01' } #All day event
new_event.end = { 'date' => '2015-01-01' } 
new_event.description = "Description here"
new_event.summary = "Summary here"
result = api_client.execute(:api_method => cal.events.insert, 
    :authorization => auth_client,
    :parameters => { 'calendarId' => 'primary'}, 
    :headers => {'Content-Type' => 'application/json'},
    :body_object => new_event)
puts "Done with insert."

Answer 2

I don't know anything about Ruby. But it seems like understanding the underlying REST queries would help debug your problem. I've documented them here: http://www.tqis.com/eloquency/googlecalendar.htm

Answer 3

I think you'll still need a real google user to host the calendar instance. But once you've got the calendar created under your identity, you can share it with the service account. In the sharing settings for the calendar, just use the email address of the service account (my service account ends with @developer.gserviceaccount.com). With the right sharing permissions, your service account can create/alter the event info, and not mess with your specific identity. From there, you can share the calendar with more people (or public) for their consumption of the mirrored events.

The other hitch I've run into is that it seems you can only authorize() the service account once per expiration period. You'll have to save the token you get and reuse it for the next hour, and then fetch a new one.