Scribd Logo
Upload

Welcome to Scribd!

  • Google API Flow Guide

    Uploaded by

    Rafidah Rafalia
    66 views7 pages
    1. The document describes Google's API authorization flow. It involves requesting an authorization code from Google's auth server by sending a client ID and redirect URI, then exchanging the authorization code for access and refresh tokens. 2. The mobile app uses Google Sign-In to get an authorization code from the user's sign-in. It then sends the code to a backend server to exchange it for access and refresh tokens. 3. The backend uses the access token to call Google APIs on behalf of the user and can store the refresh token to get a new access token when the access token expires.

    Original Description:

    Original Title

    Google API Flow

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    1. The document describes Google's API authorization flow. It involves requesting an authorization code from Google's auth server by sending a client ID and redirect URI, then exchanging the authorization code for access and refresh tokens. 2. The mobile app uses Google Sign-In to get an authorization code from the user's sign-in. It then sends the code to a backend server to exchange it for access and refresh tokens. 3. The backend uses the access token to call Google APIs on behalf of the user and can store the refresh token to get a new access token when the access token expires.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    66 views7 pages

    Google API Flow Guide

    Uploaded by

    Rafidah Rafalia
    1. The document describes Google's API authorization flow. It involves requesting an authorization code from Google's auth server by sending a client ID and redirect URI, then exchanging the authorization code for access and refresh tokens. 2. The mobile app uses Google Sign-In to get an authorization code from the user's sign-in. It then sends the code to a backend server to exchange it for access and refresh tokens. 3. The backend uses the access token to call Google APIs on behalf of the user and can store the refresh token to get a new access token when the access token expires.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 7

    Google API Flow

    Request Token

    https://accounts.google.com/o/oauth2/v2/auth?
    Parameter request token scope=https%3A//www.googleapis.com/auth/drive.metadata.readonly&
    client_id: The client ID for your application access_type=offline& include_granted_scopes=true&
    response_type=code& state=state_parameter_passthrough_value&
    redirect_uri: Determines where the API server redirects the redirect_uri=https%3A//oauth2.example.com/code
    user after the user completes the authorization flow. The value
    must exactly match one of the authorized redirect URIs for the & client_id=client_id
    OAuth 2.0 client
    response_type: code
    Scope: Scopes enable your application to only request access to
    the resources that it needs while also enabling users to control
    the amount of access that they grant to your application.  An error response:
    https://oauth2.example.com/auth?error=access_denied
    An authorization code response:
    https://oauth2.example.com/auth?code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7
    Kirim Client ID  ke requestServerAuthCode method. Untuk sign in

    // Configure sign-in to request offline access to the user's ID, basic


    // profile, and Google Drive. The first time you request a code you will
    // be able to exchange it for an access token and refresh token, which
    // you should store. In subsequent calls, the code will only result in
    // an access token. By asking for profile access (through
    // DEFAULT_SIGN_IN) you will also get an ID Token as a result of the
    // code exchange.
    String serverClientId = getString(R.string.server_client_id);
    GoogleSignInOptions gso = new
    GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
            .requestScopes(new Scope(Scopes.DRIVE_APPFOLDER))
            .requestServerAuthCode(serverClientId)
            .requestEmail()
            .build();

    Setelah sukses sign in, get auth code

    Task<GoogleSignInAccount> task = GoogleSignIn.getSignedInAccountFromIntent(data);


    try {
        GoogleSignInAccount account = task.getResult(ApiException.class);
        String authCode = account.getServerAuthCode();

        // Show signed-un UI
        updateUI(account);

        // TODO(developer): send code to server and exchange for access/refresh/ID tokens


    } catch (ApiException e) {
        Log.w(TAG, "Sign-in failed", e);
        updateUI(null);
    }
    Exchange authorization code tokens

    POST /token HTTP/1.1 Host: oauth2.googleapis.com Return:


    Content-Type: application/x-www-form-urlencoded {
      "access_token": "1/fFAGRNJru1FTz70BzhT3Zg",
    code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&   "expires_in": 3920,
    client_id=your_client_id&   "token_type": "Bearer",
    client_secret=your_client_secret&   "scope": "https://www.googleapis.com/auth/drive.metadata.readonly",
    redirect_uri=https%3A//oauth2.example.com/code&   "refresh_token": "1//xEoDL4iW3cxlI7yDbSRFYNG01kVKM2C-259HOF2aQbI"
    grant_type=authorization_code }

    Cookies / Storage
    Send auth code ke backend untuk dapet access token

    // Exchange auth code for access token


    GoogleClientSecrets clientSecrets =
        GoogleClientSecrets.load(
            JacksonFactory.getDefaultInstance(), new FileReader(CLIENT_SECRET_FILE));
    GoogleTokenResponse tokenResponse =
              new GoogleAuthorizationCodeTokenRequest(
                  new NetHttpTransport(),
                  JacksonFactory.getDefaultInstance(),
                  "https://oauth2.googleapis.com/token",
                  clientSecrets.getDetails().getClientId(),
                  clientSecrets.getDetails().getClientSecret(),
                  authCode,
                  REDIRECT_URI)  // Specify the same redirect URI that you use with your web
                                 // app. If you don't have a web version of your app, you can
                                 // specify an empty string.
                  .execute();
    Calling APIs

    GET /drive/v2/files HTTP/1.1


    Cookies / Storage Host: www.googleapis.com
    Authorization: Bearer access_token
    Gunakan token akses untuk memanggil Google API atas nama pengguna dan, secara opsional, simpan token penyegaran untuk mendapatkan
    token akses baru ketika token akses kedaluwarsa.

    String accessToken = tokenResponse.getAccessToken();

    // Use access token to call API


    GoogleCredential credential = new GoogleCredential().setAccessToken(accessToken);
    Drive drive =
        new Drive.Builder(new NetHttpTransport(), JacksonFactory.getDefaultInstance(), credential)
            .setApplicationName("Auth Code Exchange Demo")
            .build();
    File file = drive.files().get("appfolder").execute();

    // Get profile info from ID token


    GoogleIdToken idToken = tokenResponse.parseIdToken();
    GoogleIdToken.Payload payload = idToken.getPayload();
    String userId = payload.getSubject();  // Use this value as a key to identify a user.
    String email = payload.getEmail();
    boolean emailVerified = Boolean.valueOf(payload.getEmailVerified());
    String name = (String) payload.get("name");
    String pictureUrl = (String) payload.get("picture");
    String locale = (String) payload.get("locale");
    String familyName = (String) payload.get("family_name");
    String givenName = (String) payload.get("given_name");

    You might also like