0

I have a client id and client secret for my Google Container Engine app obtained via Credentials and I just want to do some local testing of the JSON API endpoints.

How can I convert this into a Bearer token so that I can just get some work done? Is there a Google page where I provide these things and get a token that I can use in my app?

I don't want to have to write an entire OAuth handling mechanism at this point in time (which would use the flow described in oauthplayground). It's an app to be run only for my account, in headless mode, on a trusted machine, to manage my cluster.

NOTE: must not require any proprietary software installations (e.g. the Google SDK).

fommil
  • 5,757
  • 8
  • 41
  • 81
  • 1
    You could use the test here: https://github.com/freizl/hoauth2/blob/master/example/Keys.hs.sample#L26 - insert keys and run via `stack run test-google`. – Reactormonk Mar 31 '17 at 17:32
  • cool! This is the kind of thing I was looking for. I'll give it a try tomorrow. Why don't Google make it easy ffs? – fommil Mar 31 '17 at 20:00
  • Google didn't create the OAuth spec, they just implemented it. The documentation is very good and the oauthplayground and API explorer make it very easy to try it out. – pinoyyid Apr 01 '17 at 17:31

2 Answers2

1

Google provides an API Client Library for Java, which itself depends on an OAuth client library.

For the project of 9Cards launcher for Android, within the back-end, we had to use this library to fetch applications usage statistics from Google Analytics. In our code, because it is a case of "server to server" authentication, we use a Service Account's credentials. The code issues a request from Google a short-lived OAuth2 Auth Token. The library may provide similar features if you use a Client-ID and Client-Secret.

Regarding the issue of licenses, the library is published under Apache License v2, so in that regard it is not too proprietary.

Diego E. Alonso-Blas
  • 731
  • 7
  • 15
  • I didn't realise their jar was libre... I'll maybe take a look and do the dance. The OAuth handshake it pretty trivial, so I could implement it with fs2-http, but I just wanted to avoid the whole thing and get a code printed on the screen that I could use for a day. I guess they don't allow shortcutting :-/ – fommil Mar 31 '17 at 14:47
0

I have a client id and client secret for my Google Container Engine app obtained via Credentials and I just want to do some local testing of the JSON API endpoints.

Good start. I guess by "the JSON API endpoints" you mean the Google APIS. Make sure you created OAuth Client IDs and not one of the other options.

How can I convert this into a Bearer token so that I can just get some work done? Is there a Google page where I provide these things and get a token that I can use in my app?

Yes the OAuth Playground will do that for you. The detailed steps and sample code to consume the token is at How do I authorise an app (web or installed) without user intervention? (canonical ?)

I don't want to have to write an entire OAuth handling mechanism at this point in time (which would use the flow described in oauthplayground).

Follow the steps linked to above and you will see that you don't need to write any code at all. Once you have the refresh token (a one time procedure), you're all set. I exaggerate slightly, you do need one line of code to post the refresh token to the Google Oauth endpoint to fetch an access token. See the bottom of the linked answer for an example. Or you could just compose a curl to do it from the command line and put the Access Token into an environment variable.

I just wanted to avoid the whole thing and get a code printed on the screen

A bit like https://youtu.be/hfWe1gPCnzc?t=198

Community
  • 1
  • 1
pinoyyid
  • 21,499
  • 14
  • 64
  • 115
  • this no longer works. It's not possible to use the google playground as a callback because of the way Google have implemented secure domains. – fommil Apr 01 '17 at 09:24
  • @fommil Works for me! I've taken the trouble to update both this answer and the linked answer to try to explain it to you in more detail. There is even a code sample to illustrate how it works. I think you've confused webhooks with oauth callbacks. – pinoyyid Apr 01 '17 at 17:27
  • thanks for updating. The key thing I notice is that this looks completely different than what I see: https://www.youtube.com/watch?v=hfWe1gPCnzc&feature=youtu.be&t=198 I have a "OAuth 2.0 client ID" of type "Other" obtained via https://console.developers.google.com/apis/credentials and there is no ability to add a `redirect_uri` there. Nor can I find a way to add a redirect_uri to my project (the Google Code screen as seen in YouTube no longer exists). I'm just writing an oauth2 client to do this for me programatically, Google's tools are broken (as always). – fommil Apr 02 '17 at 10:28
  • @fommil Google's tools seem to work fine for everybody else. The Dev Console has been rewritten at least twice since the video was made, so some of the jargon and UX has changed, but the principles are identical, the solution is identical, and the result is identical. A lot of people get confused (it seems you included) by the phrase "server-to-server". That is specifically for Service Accounts (aka "robot accounts") using two-legged OAuth. – pinoyyid Apr 02 '17 at 18:00