0

I have been tearing my hair out on this for several days. I admit, I am not "that kind of programmer" - I write mathematical algorithms and am no web, security or protocol programmer. Thought I would share my current knowledge as it seem this is a somewhat "bitty" topic. Maybe I haven't understood the official documentation but so far I am struggling and I have found various others grappling with what I suspect is still an emerging technology. I'll post these links below in the comments.

As I understand it, there are THREE principle ways of using OAuth 2.0 with Google Drive/Google Spreadsheets which are implemented a little differently.

  1. For an installed, desktop application <== this post focuses on this
  2. For a server-side service
  3. For a web application

For OAuth 2.0 for an installed desktop application there are appear to be TWO ways of doing this. One is using the GoogleWebAuthorizationBroker and the other is with GoogleAuthorizationCodeFlow. I can't prove it definitively but it seems the former was deprecated some time in 2013 and the latter is now the preferred approach.

Firstly, does anyone if it is correct that GoogleAuthorizationCodeFlow is now the preferred way to do it? I did briefly get the GoogleWebAuthorizationBroker approach working and logged in just once and I was able to run a SpreadsheetsService.Query but it seems the generated token is only valid an hour and I can't yet figure out how to refresh it. I suspect that GoogleAuthorizationCodeFlow can manage this.

Secondly, can anyone post any working code for retrieving and updating a specific, named Google Spreadsheet using OAuth 2.0 in C# for a desktop app? I am working on it myself and will post my code if I get it working.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
Bit Rocker
  • 777
  • 2
  • 8
  • 13
  • Official Google OAuth 2.0 docs http://developers.google.com/api-client-library/dotnet/guide/aaa_oauth#installed_applications – Bit Rocker Feb 04 '15 at 13:07
  • Google Spreadsheets docs https://developers.google.com/google-apps/spreadsheets/#setting_up_your_client_library – Bit Rocker Feb 04 '15 at 13:08
  • Using OAuth 2.0 for Client-side Applications https://developers.google.com/accounts/docs/OAuth2UserAgent – Bit Rocker Feb 04 '15 at 13:08
  • Debugging your Google OAuth 2.0 token when you get HTTP 401s or 403s http://ikaisays.com/2013/07/19/debugging-your-google-oauth-2-0-token-when-you-get-http-401s-or-403s/ – Bit Rocker Feb 04 '15 at 13:09
  • GoogleAuthorizationCodeFlow vs GoogleWebAuthorizationBroker http://stackoverflow.com/questions/27573272/googlewebauthorizationbroker-authorizeasync-hangs – Bit Rocker Feb 04 '15 at 13:10
  • More on the same http://stackoverflow.com/questions/20074544/how-do-i-properly-authenticate-google-account-for-youtube-v3-google-apis-for-ne – Bit Rocker Feb 04 '15 at 13:11
  • First answer suggests that GoogleWebAuthorizationBroker is no longer supported http://stackoverflow.com/questions/25109878/asp-net-mvc5-google-apis-googlewebauthorizationbroker-authorizeasync-works-local – Bit Rocker Feb 04 '15 at 13:13
  • Untried solution - checking it after this post... http://www.daimto.com/google-oauth2-csharp/ – Bit Rocker Feb 04 '15 at 13:13
  • Suspect this is getting warmer - about refreshing tokens http://javadoc.google-api-java-client.googlecode.com/hg-history/e96deed46302cb1cee499d502de7b2ba11022c38/1.7.0-beta/com/google/api/client/googleapis/auth/oauth2/GoogleAuthorizationCodeFlow.html – Bit Rocker Feb 04 '15 at 13:26
  • Another clue here http://expertland.net/question/p72350bv60kzl98243a7a3l0bapq4a2r9/detail.html – Bit Rocker Feb 04 '15 at 13:45

1 Answers1

3

Really there are only two ways to access Google drive, Oauth2 or a service account which is kind of Oauth1. I don't think you can access Google drive with a public API key but I would have to double check that.

There are Four ways of setting up the Credentials

  1. Public API access (API key) is used for public access, where you don't need to be authenticated. Google books and Google url shortener , some parts of the google+ api i think as well. (you didn't mention this one but I am)
  2. Client ID for native application (Installed applications). This is mainly when the redirect URI will always be local host. You could also use this if you are testing a web application locally. (This is Oauth2 and will require a user to authentication pop up browser thing)
  3. service accounts: are not server accounts they are used for accounts where you personally have access to the data. This will not require a user to authenticate because you have set up authentication for the service account in the background. Example: Take service account email address and grant it access to my Google drive directory will give it access to upload files to it.
  4. web applications is yes for web applications because the redirect uri where the authentication sever returns the authentication to is a website. (Oauth2 will require authentication)

Automation running in the background If you want something set up running in cron tab you can use any of the above. Two and four will require that you save the refresh token some place for use later because they are Oauth2.

GoogleAuthorizationCodeFlow was the older version of the Google-dotnet-client lib

GoogleWebAuthorizationBroker is for the current version of the google-dotnet-client lib and if you want to use any of the NuGet packages you will be using this. The older one isn't developed on anymore so any new features wont be available in it.

You already pointed to one of my tutorials. A full list of all of them is here Google C# tutorials

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
  • Thanks for the insights. It looks like what I had yet to learn about was the Refresh_Token in OAuth 2.0 and making sure that EITHER 1. this is stored somewhere retrievable on the first successful long OR 2. that the Authorization_Token is revoked at the end of the session, forcing the user to login again from scratch. OR 3. the authorization is manually revoked at https://security.google.com/settings/security/permissions which also forces an interactive logon next time. Currently working on how to store the Refresh_Token securely. – Bit Rocker Feb 04 '15 at 14:27
  • Do you have any pointers on best practice for storing the Refresh_Token? I found this article useful for building more general understanding: https://developers.google.com/doubleclick-search/v2/configure – Bit Rocker Feb 04 '15 at 14:30
  • The client lib should take care of it for you, using filedatastore. this stores the freshtoken in the %appData% directory. you could make your own implementation of Idatastore and store it where ever you like say the database. that's Java not C# so may confuse you more. – Linda Lawton - DaImTo Feb 04 '15 at 14:31
  • Thanks very much for your response! I've found your examples and am working through them. Certainly fiddly stuff but your examples really help. – Bit Rocker Feb 04 '15 at 15:50
  • Just one more query, following from your example: as of Feb 2014, the .Execute method also seems to have disappeared from FilesResource.ListRequest. I can't find an alternative method to use. Any clues? Verified that I am using the latest Google.Apis and Google.Apis.Drive in NuGet in VS2013 – Bit Rocker Feb 04 '15 at 16:08
  • 1
    False alarm on the .Execute method. Turns out this is a quirk of ReSharper. It compiles and runs fine. http://stackoverflow.com/questions/15713167/resharper-can-not-resolve-symbol-even-when-project-builds – Bit Rocker Feb 04 '15 at 17:11