Getting user info (Google API libraries for Java)

Question

I have:

// package com.google.auth.oauth2;
UserAuthorizer userAuthorizer = 
       UserAuthorizer.newBuilder()
            .setClientId(of(clientId, clientSecret))
            .setCallbackUri(create(callbackUri))
            .setScopes(asList(scopes))
            .build();

then I am able to do:

userAuthorizer.getCredentialsFromCode(authorizationCode, create(baseUri)).getRefreshToken();

(This is oauth flow initiated from client side through oauth2 dialog and providing accessing access code)

I have difficulty finding how from that standpoint I can get something like UserInfo (profile picture and / or email)?

Answer 1

Short answer: You can't. Because User Information has nothing to do with OAuth2.

Actually it looks like:

User <-> Client <-> Remote OAuth2 Server <-> Remote App

You might confuse Client with User here. The Client might e.g. be a Third Party Provider which acts as a broker between a User and the App. From an OAuth2-POV the ClientId and ClientSecret thus have nothing to do with any actual User. The Tokens (Refresh or Access) are just so that the Client can tell the remote server, that it (the Client) really is who it says it is and the server can verify this claim.

The Access token received from the Remote OAuth2 Server will then allow your User to access certain EndPoints at the Remote App, by including the Access token in the Request (usually body or header, depending on API implementation). This is, because your Client has identified itself to the Remote OAuth2 Server.