Scribd
Upload
110 views7 pages

Google API Flow

1. The document describes Google's API authorization flow. It involves requesting an authorization code from Google's auth server by sending a client ID and redirect URI, then exchanging the authorization code for access and refresh tokens. 2. The mobile app uses Google Sign-In to get an authorization code from the user's sign-in. It then sends the code to a backend server to exchange it for access and refresh tokens. 3. The backend uses the access token to call Google APIs on behalf of the user and can store the refresh token to get a new access token when the access token expires.

Uploaded by

Rafidah Rafalia
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
110 views7 pages

Google API Flow

1. The document describes Google's API authorization flow. It involves requesting an authorization code from Google's auth server by sending a client ID and redirect URI, then exchanging the authorization code for access and refresh tokens. 2. The mobile app uses Google Sign-In to get an authorization code from the user's sign-in. It then sends the code to a backend server to exchange it for access and refresh tokens. 3. The backend uses the access token to call Google APIs on behalf of the user and can store the refresh token to get a new access token when the access token expires.

Uploaded by

Rafidah Rafalia
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 7

Google API Flow

Request Token

https://accounts.google.com/o/oauth2/v2/auth?
Parameter request token scope=https%3A//www.googleapis.com/auth/drive.metadata.readonly&
client_id: The client ID for your application access_type=offline& include_granted_scopes=true&
response_type=code& state=state_parameter_passthrough_value&
redirect_uri: Determines where the API server redirects the redirect_uri=https%3A//oauth2.example.com/code
user after the user completes the authorization flow. The value
must exactly match one of the authorized redirect URIs for the & client_id=client_id
OAuth 2.0 client
response_type: code
Scope: Scopes enable your application to only request access to
the resources that it needs while also enabling users to control
the amount of access that they grant to your application.  An error response:
https://oauth2.example.com/auth?error=access_denied
An authorization code response:
https://oauth2.example.com/auth?code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7
Kirim Client ID  ke requestServerAuthCode method. Untuk sign in

// Configure sign-in to request offline access to the user's ID, basic


// profile, and Google Drive. The first time you request a code you will
// be able to exchange it for an access token and refresh token, which
// you should store. In subsequent calls, the code will only result in
// an access token. By asking for profile access (through
// DEFAULT_SIGN_IN) you will also get an ID Token as a result of the
// code exchange.
String serverClientId = getString(R.string.server_client_id);
GoogleSignInOptions gso = new
GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
        .requestScopes(new Scope(Scopes.DRIVE_APPFOLDER))
        .requestServerAuthCode(serverClientId)
        .requestEmail()
        .build();

Setelah sukses sign in, get auth code

Task<GoogleSignInAccount> task = GoogleSignIn.getSignedInAccountFromIntent(data);


try {
    GoogleSignInAccount account = task.getResult(ApiException.class);
    String authCode = account.getServerAuthCode();

    // Show signed-un UI
    updateUI(account);

    // TODO(developer): send code to server and exchange for access/refresh/ID tokens


} catch (ApiException e) {
    Log.w(TAG, "Sign-in failed", e);
    updateUI(null);
}
Exchange authorization code tokens

POST /token HTTP/1.1 Host: oauth2.googleapis.com Return:


Content-Type: application/x-www-form-urlencoded {
  "access_token": "1/fFAGRNJru1FTz70BzhT3Zg",
code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&   "expires_in": 3920,
client_id=your_client_id&   "token_type": "Bearer",
client_secret=your_client_secret&   "scope": "https://www.googleapis.com/auth/drive.metadata.readonly",
redirect_uri=https%3A//oauth2.example.com/code&   "refresh_token": "1//xEoDL4iW3cxlI7yDbSRFYNG01kVKM2C-259HOF2aQbI"
grant_type=authorization_code }

Cookies / Storage
Send auth code ke backend untuk dapet access token

// Exchange auth code for access token


GoogleClientSecrets clientSecrets =
    GoogleClientSecrets.load(
        JacksonFactory.getDefaultInstance(), new FileReader(CLIENT_SECRET_FILE));
GoogleTokenResponse tokenResponse =
          new GoogleAuthorizationCodeTokenRequest(
              new NetHttpTransport(),
              JacksonFactory.getDefaultInstance(),
              "https://oauth2.googleapis.com/token",
              clientSecrets.getDetails().getClientId(),
              clientSecrets.getDetails().getClientSecret(),
              authCode,
              REDIRECT_URI)  // Specify the same redirect URI that you use with your web
                             // app. If you don't have a web version of your app, you can
                             // specify an empty string.
              .execute();
Calling APIs

GET /drive/v2/files HTTP/1.1


Cookies / Storage Host: www.googleapis.com
Authorization: Bearer access_token
Gunakan token akses untuk memanggil Google API atas nama pengguna dan, secara opsional, simpan token penyegaran untuk mendapatkan
token akses baru ketika token akses kedaluwarsa.

String accessToken = tokenResponse.getAccessToken();

// Use access token to call API


GoogleCredential credential = new GoogleCredential().setAccessToken(accessToken);
Drive drive =
    new Drive.Builder(new NetHttpTransport(), JacksonFactory.getDefaultInstance(), credential)
        .setApplicationName("Auth Code Exchange Demo")
        .build();
File file = drive.files().get("appfolder").execute();

// Get profile info from ID token


GoogleIdToken idToken = tokenResponse.parseIdToken();
GoogleIdToken.Payload payload = idToken.getPayload();
String userId = payload.getSubject();  // Use this value as a key to identify a user.
String email = payload.getEmail();
boolean emailVerified = Boolean.valueOf(payload.getEmailVerified());
String name = (String) payload.get("name");
String pictureUrl = (String) payload.get("picture");
String locale = (String) payload.get("locale");
String familyName = (String) payload.get("family_name");
String givenName = (String) payload.get("given_name");

You might also like