12

I try to use Google oauth to authenticate users on my android app. Then I would like to send it to my app server so it can connect at any time with Google calendar.

I tried to use GoogleAuthUtil.getToken(getApplicationContext(), mAccountName, mScope);

Following this article: https://developers.google.com/accounts/docs/CrossClientAuth

When I use it with scope mScope = "oauth2:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"; I get a token, which is valid for an hour

But when I try to get an authorization code (so I can get a refresh token that is valid for longer time, using mScope2 ="oauth2:server:client_id:{CLIENT_ID}.apps.googleusercontent.com"+ ":api_scope:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";

I receive either "invalid_scope" or "Unknown" exceptions.

What am I doing wrong?

EDIT: OK, After creating a new app on google API console and adding plus.login to the scope I get a code, but for some reason my server can't resolve this token. When tying to resolve server gets an error about the redirection URL. BTW, When I do the web flow with same parameters it works.

Gil
  • 371
  • 4
  • 15

4 Answers4

11

OK, found the solution, I expected Google to have a lot better documentation about working with Google Oauth and Android. A few things you have to know to work with Android and offline token

  1. When you create google Client ID Don't create a service application before you create a web application

  2. Must include https://www.googleapis.com/auth/plus.login in your scope

  3. The weirdest, to resolve the one time authorization code on my server, I had to use the redirection URL from the Android client ID details (which doesn't even look like a url) and not from the Web client details on Google API console.

Community
  • 1
  • 1
Gil
  • 371
  • 4
  • 15
  • 2
    Do you have your code posted anywhere by any chance (Github etc.)? I'm getting the Unknown exception and it's driving me absolutely insane I don't know what to try anymore... – Levi Botelho Mar 16 '15 at 22:42
  • 1
    Thank you very much. The third step actually is important. I was stuck whole day thinking what was wrong with my request and Google really should work more on providing good documentation. – Devesh Khandelwal Jul 05 '15 at 19:58
  • Could you better explain the third step? Maybe give some direct urls to the _(ugly)_ Google API console page. – Iulian Onofrei Mar 02 '16 at 13:39
0

That scope string is only documented to work when passed to GoogleAuthUtil(), see http://developer.android.com/reference/com/google/android/gms/auth/GoogleAuthUtil.html, on Android. But it would be cool if it worked on iOS too; our infrastructure there is a little behind where we’re at on Android.

Tim Bray
  • 1,653
  • 11
  • 16
0

I have had the same issue then i realised that my app is not published and is in debug mode, so i had to add test users to the Google project -> Consent Screen, then i was able to fetch the token for the added test user.

enter image description here

SaadurRehman
  • 622
  • 8
  • 20
-1

You just need to follow the correct steps/format for specifying the scopes. Find them here https://developers.google.com/android/guides/http-auth#SpecifyingScopes

geekoraul
  • 2,623
  • 2
  • 21
  • 33