-
Notifications
You must be signed in to change notification settings - Fork 627
Implementing OAuth 2.0
To gather a deeper understanding of the OAuth2 authentication process, refer to: Gmail XOAUTH2 API
For a quick start you may follow this brief set of steps:
-
Set up a profile for your app in the Google API Console
-
With your recently obtained
client_id
andsecret
load the following URL (everything goes in a single line):
https://accounts.google.com/o/oauth2/auth?client_id=[YOUR_CLIENT_ID]&
redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&
response_type=code&scope=https%3A%2F%2Fmail.google.com%2F%20email&
&access_type=offline
-
The user most follow instructions to authorize application access to Gmail.
-
After the user hits the "Accept" button it will be redirected to another page where the access token will be issued.
-
Now from the app we need and authorization token, to get one we issue a POST request the following URL:
https://accounts.google.com/o/oauth2/token
using these parameters:
-
client_id
: This is the client id we got from step 1 -
client_secret
: Client secret as we got it from step 1 -
code
: This is the code we received in step 4 -
redirect_uri
: This is a redirect URI where the access token will be sent, for non-web applications this is usuallyurn:ietf:wg:oauth:2.0:oob
(as we got from step 1) -
grant_type
: Always use the authorization_code parameter to retrieve an access and refresh tokens
- After step 5 completes we receive a JSON object similar to:
{
"access_token":"1/fFAGRNJru1FTz70BzhT3Zg",
"refresh_token":"1/fFAGRNJrufoiWEGIWEFJFJF",
"expires_in":3920,
"token_type":"Bearer"
}
The above output gives us the access_token, now we need to also retrieve the user's e-mail,
to do that we need to perform an HTTP GET request to Google's UserInfo API using this URL: https://www.googleapis.com/oauth2/v1/userinfo?access_token=[YOUR_ACCESS_TOKEN]
this will return the following JSON output:
{
"id": "00000000000002222220000000",
"email": "[email protected]",
"verified_email": true
}