How to make certified RESTful oAuth 2 backend requests to Google API

Question

I need to make backend oAuth 2 REST calls to the Google Prediction API, working in node.js, but I'm very confused by the documentation around making the correct oAuth call (backend so without the web flow auth flow):

The requests look like this:

GET https://www.googleapis.com/prediction/v1.6/projects/989280437849/trainedmodels/list?maxResults=5&pageToken=1&key={YOUR_API_KEY}

With headers that look like this

Authorization: Bearer ya29.AHES6ZSyB5W2gp4GfmZIGrVHLyisJB9hCbNLW3mj5rs0Oqg X-JavaScript-User-Agent: Google APIs Explorer

The oAuth documentation is here, says I need a "Service Account": https://developers.google.com/accounts/docs/OAuth2?csw=1

and here https://developers.google.com/accounts/docs/OAuth2ServiceAccount

What kind of oAuth token should I set up? http://screencast.com/t/1vXjCgnyCuU2

I thought it was "Server key" but the docs say the prediction API needs to be logged in as a user, whereas the Server key says "Use this for accessing data not associated with an account from a server"

I believe I should use the "Certificate" option http://screencast.com/t/4sL1WTjxqp

But I have no idea what to do with the certificate. And even if I were to know, I still wouldn't have an API Key (or would I?), which the REST call seems to want. Presumably I need to sign the request in some way and submit the hash in the header.

Any help in how to do this step by step would be awesomely appreciated.

Answer 1

I found the answer here:

https://developers.google.com/accounts/docs/OAuth2ServiceAccount

and here

https://github.com/extrabacon/google-oauth-jwt

Answer 2

I use and recommend Passport.js. They document it well, and it extends nicely to other providers as well.

(Make sure to register your app's URLs and callbacks in the Google Developer Console.)