Google API authentication with OAuth 2 —on the example of gmail
The article presents how to authenticate and authorize an access to Gmail API from the application.
Google gives us an access to lots of welfare with the Google API. The API enable to use Google services from our own applications. For example our apps can exchange data with google drive, use Gmail, calendar, Blogger, ask for analytical data from YouTube. Besides that there are lots of google cloud services that are available to use. Each API has its own big free quota which allows to reliably rely on Google services. Full list of APIs is available here.
Let’s start to use Google API. Log into your google account and go through the steps.
Create project
First you need to create a project in Google Developers Console.
Go to:
https://console.developers.google.com/Then you see the action bar on the top of the page:
Click on the list of projects:
and select “+” to add a new one.
Give your project a name. Let’s name it “GmailApiTest”.
Create project and go to Credentials > OAuth consent screen. Put the name of the product in the field “Product name shown to users”. It is possible to use the same name — “GmailApiTest”. It will be displayed on the list of apps that have granted permissions to use google account.
Generate credentials
Credentials > credentials page allows to generate a key .
Choose OAuth client ID
Choose application type. I prefer to select “Other”. Put the name for the client.
If you choose different option, for example, Web application you have to insert one of the Authorized redirect URIs. For the purpose of this tutorial I suggest to put there
http://localhost
Save your OAuth client. Thanks to that you receive clientID and clientSecret.
Get authorization tokens
There are 2 steps to get authorization tokens for your project. First is a request for an authorization code and then there is the code confirmation. After the process you will have an access_token and refresh_token. You need both of them if your app is offline app, in other case access_token is enough. Refresh_token is useful to renew access_token after it expires.
Full documentation of this process is available in the google developers website but you fortunately don’t need it with my tutorial.
Get code for permissions request
Use your browser to request permissions for your app. You need to call
https://accounts.google.com/o/oauth2/v2/authwith GET parameters.
- client_id
- response_type, put here code, it is the simplest way to authenticate by requesting the code
- scope — each API has its own scope. E.g. Gmail API has scope to send messages, compose messages etc. Choose one of the scopes you need for Gmail. We’ll choose
https://www.googleapis.com/auth/gmail.send - redirect_uri — put here:
http://localhost - access_type — use it with value offline, only if you need refresh_token.
Our request URI looks like that:
https://accounts.google.com/o/oauth2/v2/auth?client_id=187637922392-nm8r2q89o9gub1ftmuos32coutiumkt1.apps.googleusercontent.com&response_type=code&scope=https://www.googleapis.com/auth/gmail.send&redirect_uri=http://localhost&access_type=offlineAfter the call, browser shows question about granting permissions to the app:
Turn off any service that is running on your computer that is available on port 80 with URL http://localhost. Click “Allow” and then we will be redirected into localhost.
Redirected URI looks as follows:
http://localhost/?code=4/AACbpkMFarNdMwz1qVPV0mWcnfjSt0zMcNcUogSMgr2lcZU2G7qjf7B-f1lmTkhRpfgXFBwxzd9ad3vRD1Oymgk#We can extract code from this. It is:
4/AACbpkMFarNdMwz1qVPV0mWcnfjSt0zMcNcUogSMgr2lcZU2G7qjf7B-f1lmTkhRpfgXFBwxzd9ad3vRD1Oymgk#Confirm permissions request
We need to POST code with some other parameters on:
https://www.googleapis.com/oauth2/v4/tokenParameters that we need:
- code
- client_id
- client_secret
- grant_type — use authorization_code
- redirect_uri — use http://localhost
Let’s use rest client of your choice e.g. SoapUI.
Headers:
Content-Type: application/x-www-form-urlencodedBody:
code=4/AACbpkMFarNdMwz1qVPV0mWcnfjSt0zMcNcUogSMgr2lcZU2G7qjf7B-f1lmTkhRpfgXFBwxzd9ad3vRD1Oymgk#&client_id=187637922392-nm8r2q89o9gub1ftmuos32coutiumkt1.apps.googleusercontent.com&client_secret=aspzni4WpLp3pv_Ixszax_pQ&grant_type=authorization_code&redirect_uri=http://localhostThe answer gives us access_token and refresh_token:
{
"access_token": "ya29.GluCBcWz5DTsbBTAGvNV2m0eJXSn4rBpXq7wNKw8Ryqp52JAckB9iBvvTnrUIzTSiDv1oQE6NTrDytoYYEhCngBPwyyhhfJJXYBj574rZ5MwnIXZhUbcWrkF8PtD",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "1/qK6SZ1UoFciRvVdY6B7u0oZRXiIOvMdhaaB1myjEoV8"
}As you can see in the picture, application “GmailApiTest” has access to sending emails through Gmail.
Enable API
In the end enable API you need. It is not enough to have a permission to some service. API need to be enabled.
Do it by clicking “Enable” for specific API. In case of Gmail, go to https://console.developers.google.com/apis/library/gmail.googleapis.com/?project=gmailapitest-198410
Summary
I hope you’ve learned how to authenticate to Google APIs and you will be able to use the power of Google Services.
After this tutorial you can sending emails by Gmail API from your Java app.
If you have any questions or comments. Please let me know. Constructive feedback is appreciated.
