fbpx
Tag

OAuth

Browsing

Requires that you already have a project configured with web client credentials.

In order to get the user to consent (which gives is a code we will later exchange for an access token), we need to hand the user a URL.

https://developers.google.com/identity/protocols/OpenIDConnect#sendauthrequest

What is not so documented here is, that you really want to prompt for consent (in case the user has already authenticated once) and you want to ask for access_type=offline

Hand the url to the user.

Example:

https://accounts.google.com/o/oauth2/v2/auth?client_id=6214dddddddddddddd7hnvbhij4a.apps.googleusercontent.com&redirect_uri=https://hookb.in/Pxddddddddddddd3ZU0j0WBGq7w&response_type=code&scope=https://www.googleapis.com/auth/analytics.readonly&prompt=consent&access_type=offline

This gives you a user code, which we will now exchange for access _token + refresh_token using this:

https://developers.google.com/identity/protocols/OpenIDConnect#exchangecode

This gives us a response like this:

{
    "access_token": "ya29.GluuBvGQ-238S6Y0Dq-FYrgDddddddddddddddddddddFA_iB3iv85_hklCaqT3v9lhwgW-lAVvrWaLJUSOxnkBhCjjBhTZz06qWHsDyOJonaZd",
    "expires_in": 3600,
    "refresh_token": "1/xCT3kKuccccccccccccccccccccccccS158hrpVM",
    "scope": "https://www.googleapis.com/auth/analytics.readonly",
    "token_type": "Bearer"
}

Voila – we now have an access token and a refresh token!