0

I'm attempting to create an application for both PC (Java) and Android that utilizes Google Drive. I've been messing around with the examples to figure out how OAuth 2.0 works, and I can't find a good method of automatically returning the authorization code to my program once the user has allowed the application to access their data. The Google Drive Quickstart example uses a simple copy/paste mechanism that requires user input, but this is not convenient for the user.

It seems there are several suggested ways to retrieve the authorization code without bothering the user (running a local web server, monitoring the browser window launched for authentication, etc...), but Google doesn't strongly recommend any solution nor do they provide examples of how these solutions would work beyond basic descriptions. The following guide gives a few suggestions in Section 4 (Note: I tried to quote the section but SO wouldn't let me with the number of links/images present):

https://developers.google.com/youtube/v3/guides/authentication#installed-apps

Has anybody implemented something similar in the past, or are there best practices to do this? If possible I'd prefer a solution that would work on multiple platforms (i.e. not using any platform specific libraries).

I suppose it's not a huge deal if the user had to do this once (as I'll be storing a refresh token and using that from then on), but it'd be good to have a way around it.

Michael Celey
  • 12,645
  • 6
  • 57
  • 62
Bill
  • 23
  • 4
  • 1
    have you tried https://developers.google.com/drive/auth/web-server – Sunny Oct 03 '13 at 06:05
  • That's actually the same guide as here: https://developers.google.com/drive/training/drive-apps/auth/credentials I've been using that example to get started, there just isn't a well-defined example of automatically returning the authorization code. – Bill Oct 03 '13 at 12:39

2 Answers2

0

In Oauth2 protocol, you have two ways of getting the authorization code : via a redirect to an url you have control over (could be pointing to a serve you own or localhost) or via copy pasting.

The first way is what you want, presumably with localhost as redirect uri, as you lauch the flow from you desktop app on the user's machine. You'll have no choice but to make your app spawn a little http server that can handle the code url parameter. However, you'll have to be hackish : how do you launch a web browser from your app, for any OS it can run on ? how do you the case where the user's machine is configured to refuse inbound http connection ?

IMO, best course of action is to go for the copy pasting : user knows what happen

Jerome
  • 2,104
  • 1
  • 17
  • 31
  • I'm hesitant to try the HTTP server approach as the guides do mention that such an approach is dependent on how the user has their network configured. I was going to attempt the web browser route mentioned in the link, but I'm unsure of a Java library that would allow me to do this. – Bill Oct 03 '13 at 18:41
  • Your user will need a browser for both routes. Copy pasting removes the pain of the http server. Just display the authorize URL in your app and ask your user to visit it then copy paste the code back in your app – Jerome Oct 03 '13 at 22:11
0

I just implemented an oAuth2 solution for Google Drive. I ended up creating a service account via Google App Engine. Here is a good link to get started:

https://developers.google.com/drive/service-accounts

There is a Dr. Edit example that will work you through editing drive objects like spreadsheets.

GoogleCredential credential = new GoogleCredential.Builder()
            .setTransport(httpTransport)
            .setJsonFactory(jsonFactory)
            .setServiceAccountId(SERVICE_ACCOUNT_EMAIL)                
            .setServiceAccountScopes(scopes)                
            .setServiceAccountPrivateKeyFromP12File(pk12)
            .setServiceAccountUser(ACCESS_DOMAIN_IMPERSONATE) // <-- set user email here    
            .build();

There are a few things you need to do in your Google domain admin console/cpanel for your domain.

Check the following SO answer I posted a day or so ago:

OAuth Google API for Java unable to impersonate user

Community
  • 1
  • 1
Darth Jon
  • 413
  • 8
  • 18
  • My application would require the user to log in with their personal account as it needs access to their Drive storage. It sounds like service accounts are used for accessing files that users of your application may want to read but not edit. It seems they need no authentication other than a password stored in a file as the accounts are application-owned. Is this incorrect? – Bill Oct 03 '13 at 18:46
  • There is a way to impersonate a user with the service account, mainly when you get the GoogleCredential - see code in edited answer. – Darth Jon Oct 03 '13 at 19:19
  • This is a valid answer if your user belongs to a google apps domain. If it's a regular google user I don't think service accounts can be used. I'd be very pleased to be proven wrong – Jerome Oct 03 '13 at 22:08