Accessing Google API from a web application

Question

I've been trying for a couple of days now to crack this but have not had any success. I have a web application that I want to use with Google Drives API. I want the web application to check if there is an access token it can use and if not redirect to Google so the user can log in and grant access.

Seemingly a simple task but it's driving me mad! I've checked the Google documentation but it all seems to be geared around console applications

Answer 1

You should be able to implement the OAuthHandshake using HTTP requests and a redirect URL to your web application. You can play around with the requests here to see what the headers and responses look like: https://developers.google.com/oauthplayground/

You can store the authorization code and tokens any way you like. You would have your web application refer to these tokens to see if they are expired. For example:

def getTokenFromFile(self):
    creds = self.readCredsFromDisk()

    # check if token is expired
    expiration_time = datetime.datetime.strptime(creds['token_expiry'], '"%Y-%m-%dT%H:%M:%S.%f"')
    if expiration_time < datetime.datetime.now():
        self.refreshToken()
        # reload creds
        creds = self.readCredsFromDisk()

    return creds['access_token']

I'm writing just a python script that does the handshake and saves the token to a plain text file. Any time the script runs a function to the Google API it will use this function.

The refresh function:

def refreshToken(self):
    with open('client_secret.json') as s:
        secret = json.load(s)
        secret = secret['installed']
    creds = self.readCredsFromDisk()

    refresh_url = secret['token_uri']
    post_data = {'client_id':secret['client_id'],
                 'client_secret':secret['client_secret'],
                 'refresh_token':creds['refresh_token'],
                 'grant_type':'refresh_token'}
    headers = {'Content-type':'application/x-www-form-urlencoded'}

    (resp, content) = self.http.request(refresh_url,
                                   method='POST',
                                   body=urlencode(post_data),
                                   headers=headers)

    content = json.loads(content)
    creds['access_token'] = content['access_token']
    date = datetime.datetime.now() + datetime.timedelta(seconds=content['expires_in'])
    creds['token_expiry'] = json.dumps(date.isoformat())

    self.writeCredsToDisk(json.dumps(creds))

You would write a function similar to this to trade the original authorization code and access code following the logic the OAuth Playground shows you.

Answer 2

Google provides an interface UserService which stores details of the users using the application. If the users is not logged in redirect the user to login page using:

response.sendRedirect(userService.createLoginURL(request.getRequestURI()))

Later or if the user is logged in, redirect him to "Request for Permission" page using:

List<String> scopes = Arrays.asList(PlusScopes.PLUS_LOGIN,PlusScopes.PLUS_ME,PlusScopes.USERINFO_EMAIL,PlusScopes.USERINFO_PROFILE......); // Add/remove scopes as per your requirement
List<String> responseTypes = Arrays.asList("code");
GoogleAuthorizationCodeRequestUrl gAuthCode = new GoogleAuthorizationCodeRequestUrl(Google project client id, redirect url, scopes);
gAuthCode.setAccessType("offline");
gAuthCode.setClientId(Google project client id);
gAuthCode.setResponseTypes(responseTypes);
gAuthCode.setApprovalPrompt("force");
authURl = gAuthCode.toURL().toString();
response.sendRedirect(authURl);

Make sure you add all required scopes of the API methods you will be using. After the user has accepted, you will have to create a servlet with "/oauth2callback" mapping to get the authorization code.

request.getParameter("code") 

In the same servlet using the code obtained, get refresh and access token making a rest call.

URL url = new URL("https://www.googleapis.com/oauth2/v3/token");        
HttpURLConnection connection= (HttpURLConnection)url.openConnection();
connection.setRequestMethod("post");
connection.setDoInput(true);
connection.setDoOutput(true);

DataOutputStream dw= new DataOutputStream(connection.getOutputStream());
            dw.writeBytes("code="+authorizationCode+"&client_id="+CLIENT_ID+"&client_secret="+CLIENT_SECRET+"&redirect_uri="+REDIRECT_URL+"&grant_type=authorization_code");
dw.flush();
dw.close();
InputStream inputStream= connection.getInputStream();

Parse the input stream to get your refresh token and access token and redirect the user to your landing page.

Now you have access token to query your api whose scopes were provided in authorization flow. Also you have a refresh token which can be used to regenerate new access token if the previously issued access token has expired.