OAuth 2.0 to Access Google APIs web flow
credit: https://developers.google.com/identity/protocols/OAuth2
Google OAuth 2.0 – Consent screen URL
Base URL: https://accounts.google.com/o/oauth2/auth (Google now documents https://accounts.google.com/o/oauth2/v2/auth as the endpoint; the older path is still accepted)
Sample URL: https://accounts.google.com/o/oauth2/auth?scope=email&redirect_uri={Your Redirect URL}&response_type=code&client_id={Your Client ID}&approval_prompt=force
Note: approval_prompt=force is the legacy way to force the consent screen; the current parameter is prompt=consent, described in the table below. The sample also omits state, which should always be sent and verified (see the state row).
Parameter information

Parameter | Description
---|---
client_id | Required. The client ID for your application. You can find this value in the API Console.
redirect_uri | Required. Determines where the API server redirects the user after the user completes the authorization flow. The value must exactly match one of the authorized redirect URIs for the OAuth 2.0 client, which you configured in the API Console. If this value doesn't match an authorized URI, you will get a 'redirect_uri_mismatch' error. Note that the http or https scheme, case, and trailing slash ('/') must all match. This exact match is the control that keeps the authorization code from being delivered to an attacker-controlled URI, so register only the specific HTTPS callback URIs your application actually uses.
scope | Required. A space-delimited list of scopes that identify the resources that your application could access on the user's behalf. These values inform the consent screen that Google displays to the user. Scopes enable your application to only request access to the resources that it needs while also enabling users to control the amount of access that they grant to your application. Thus, there is an inverse relationship between the number of scopes requested and the likelihood of obtaining user consent. The OAuth 2.0 API Scopes document provides a full list of scopes that you might use to access Google APIs. We recommend that your application request access to authorization scopes in context whenever possible. By requesting access to user data in context, via incremental authorization, you help users to more easily understand why your application needs the access it is requesting.
access_type | Recommended. Indicates whether your application can refresh access tokens when the user is not present at the browser. Valid parameter values are online, which is the default value, and offline. Set the value to
state | Recommended. Specifies any string value that your application uses to maintain state between your authorization request and the authorization server's response. The server returns the exact value that you send as a name=value pair in the query component (?) of the redirect_uri after the user consents to or denies your application's access request. (With response_type=code, as used here, the parameters come back in the query string; only the implicit flow, response_type=token, returns them in the hash (#) fragment.) You can use this parameter for several purposes, such as directing the user to the correct resource in your application, sending nonces, and mitigating cross-site request forgery. For the CSRF defense to work, the value must be unguessable (for example, 32 bytes from a cryptographic random source), stored in the user's session before the redirect, and compared against the returned value before the code is exchanged; a mismatch means the response belongs to an authorization request this session never started and must be discarded. Since your
include_granted_scopes | Optional. Enables applications to use incremental authorization to request access to additional scopes in context. If you set this parameter's value to true and the authorization request is granted, then the new access token will also cover any scopes to which the user previously granted the application access. See the incremental authorization section for examples.
login_hint | Optional. If your application knows which user is trying to authenticate, it can use this parameter to provide a hint to the Google Authentication Server. The server uses the hint to simplify the login flow either by prefilling the email field in the sign-in form or by selecting the appropriate multi-login session. Set the parameter value to an email address or
prompt | Optional. A space-delimited, case-sensitive list of prompts to present the user. If you don't specify this parameter, the user will be prompted only the first time your app requests access. Possible values are:
Scopes for Google APIs

Scope | URL
---|---
Email | https://www.googleapis.com/auth/userinfo.email
Profile | https://www.googleapis.com/auth/userinfo.profile

Google also accepts the short OpenID Connect forms openid, email and profile in the scope parameter, which is why the sample URL above uses scope=email.
Google Token Server URL
Google token server URL: https://www.googleapis.com/oauth2/v4/token (Google now documents https://oauth2.googleapis.com/token; the v4 URL is still accepted)
Your server exchanges the authorization code for tokens by sending an HTTP POST with the fields below, encoded as application/x-www-form-urlencoded, to the token server URL. The JSON response contains access_token, expires_in, token_type and, if access_type=offline was requested, refresh_token. Because the request carries client_secret, it must be made from your back end over TLS, never from browser-side code.
Field | Description
---|---
code | The authorization code returned from the initial request.
client_id | The client ID obtained from the API Console.
client_secret | The client secret obtained from the API Console.
redirect_uri | One of the redirect URIs listed for your project in the API Console.
grant_type | As defined in the OAuth 2.0 specification, this field must contain a value of authorization_code.
Google API URL (OPENID)
URL: https://www.googleapis.com/oauth2/v2/userinfo
Send the access token in an Authorization: Bearer {access_token} header on the GET request. The endpoint also accepts the token as an access_token query parameter, but a token in the URL is written to web-server and proxy logs and browser history and can leak through the Referer header, so prefer the header. The JSON response includes fields such as id, email, verified_email, name and picture; when you use the email to link or create an account, check that verified_email is true first.
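The whole flow assembled offline, as an added example that is not code from the Google documentation or the OAuth 2.0 Playground. It builds the consent-screen URL with a random state, validates the redirect back (state check in constant time, error handling), builds the POST body for the token server, validates the token response and prepares the userinfo request with a Bearer header. No network calls are made: the client ID, client secret, redirect URI and the "Google" replies inside run_flow() are constructed sample values, and the helper names are this example's own.

```python
# Added example (not code from the Google docs): the three messages of the
# web-server flow described above, built and checked offline. Client values
# and the "Google" replies in run_flow() are constructed sample data.
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_URL = "https://accounts.google.com/o/oauth2/auth"
TOKEN_URL = "https://www.googleapis.com/oauth2/v4/token"
USERINFO_URL = "https://www.googleapis.com/oauth2/v2/userinfo"

# Hypothetical client registration (assumed values, not real credentials).
CLIENT_ID = "123456789-example.apps.googleusercontent.com"
CLIENT_SECRET = "example-client-secret-keep-server-side"
REDIRECT_URI = "https://app.example.com/oauth2/callback"


def new_state():
    """Unguessable per-request state; the caller stores it in the user's session."""
    return secrets.token_urlsafe(32)


def build_auth_url(state, scopes=("email",), offline=False, login_hint=None):
    """Step 1: the consent-screen URL the browser is redirected to."""
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,  # must match the registered URI exactly
        "response_type": "code",
        "scope": " ".join(scopes),  # space-delimited list
        "state": state,
        "access_type": "offline" if offline else "online",
        "include_granted_scopes": "true",  # incremental authorization
    }
    if login_hint:
        params["login_hint"] = login_hint
    return AUTH_URL + "?" + urlencode(params)


def parse_callback(callback_url, expected_state):
    """Step 2: code from the redirect to REDIRECT_URI (query component, since
    response_type=code). The constant-time state check is mandatory: a mismatch
    means the response was not started by this session (CSRF), so discard it."""
    qs = parse_qs(urlsplit(callback_url).query)
    returned = qs.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discarding authorization response")
    if "error" in qs:
        raise ValueError("authorization failed: " + qs["error"][0])
    return qs["code"][0]


def token_request(code):
    """Step 3: form body POSTed to TOKEN_URL from the server, never the browser."""
    return {
        "code": code,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "redirect_uri": REDIRECT_URI,  # same value as in the auth request
        "grant_type": "authorization_code",
    }


def parse_token_response(body):
    """Validate the token server's JSON reply before using the access token."""
    data = json.loads(body)
    if "error" in data:
        raise ValueError("token error: " + str(data["error"]))
    if data.get("token_type", "").lower() != "bearer" or "access_token" not in data:
        raise ValueError("unexpected token response")
    return data


def userinfo_request(access_token):
    """Step 4: send the token in the Authorization header rather than as a
    ?access_token= query parameter, so it stays out of logs and Referer headers."""
    return {"method": "GET", "url": USERINFO_URL,
            "headers": {"Authorization": "Bearer " + access_token}}


def run_flow():
    """Walk the flow end to end with constructed Google responses."""
    state = new_state()
    auth_url = build_auth_url(state, scopes=("openid", "email", "profile"))
    # Constructed redirect, as Google would send it after the user consents.
    callback = REDIRECT_URI + "?" + urlencode({"state": state, "code": "4/0Aconstructed"})
    code = parse_callback(callback, state)
    # Constructed token-server reply to the POST body built by token_request().
    token = parse_token_response(json.dumps({
        "access_token": "ya29.constructed", "expires_in": 3599,
        "scope": "openid email profile", "token_type": "Bearer"}))
    return {"auth_url": auth_url, "code": code, "post_body": token_request(code),
            "userinfo": userinfo_request(token["access_token"])}


if __name__ == "__main__":
    print(json.dumps(run_flow(), indent=2))
```

In a real deployment the state from new_state() is written to the server-side session before the redirect, and parse_callback() runs in the callback handler before anything is sent to the token server; the dictionaries returned by token_request() and userinfo_request() are what an HTTP client would send as the form body and request headers.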
OAuth 2.0 Playground
https://developers.google.com/oauthplayground
Credit: https://developers.google.com/identity/protocols/OAuth2WebServer#creatingclient