I am trying to pull my own data from Google Fit. Google oAuth 2.0 requires you to provide an access token for any request to the Google Fit API. Is there any way I can let my application get unrestricted access to that data? I am using the REST API.
Asked
Active
Viewed 2,160 times
2 Answers
1
Look into the concept of Refresh Tokens. These long-lived tokens can be used to request a new access token when an access token expires. You can acquire a Refresh Token from the Google API by adding &access_type=offline&prompt=consent to the OAuth login request, as explained in this answer.
david-err
- 1,037
- 1
- 8
- 12
-1
Is there any way I can let my application get unrestricted access to that data? I am using the REST API.
No. You must supply credentials with every request.
After you authenticate successfully, every subsequent request must contain the OAuth access token you received as part of the OAuth process in the Authorization header like this:
Authorization: Bearer ya29.OAuthTokenValue
In any REST API that is not open to everyone in the world, you will be required to identify yourself with credentials on every single request. That can be done either with a cookie, a header or a parameter in the URL. In the Google Fit case, it requires a header on every request.
This is explained on the Google developers site here.
These access tokens you get from the OAuth process are "short-lived". They do not last forever. So, you cannot just get one and use it forever. This is for security reasons.
Google explains this process more here: https://developers.google.com/fit/rest/v1/authorization
jfriend00
- 683,504
- 96
- 985
- 979
-
This is not what was asked. The question is about "permanent" access, not short-lived tokens. – ralfe Nov 13 '22 at 05:55