1

I'm working with Go and I would like to use the Google API. From the doc, I found this example :

// Your credentials should be obtained from the Google
// Developer Console (https://console.developers.google.com).
conf := &oauth2.Config{
    ClientID:     "YOUR_CLIENT_ID",
    ClientSecret: "YOUR_CLIENT_SECRET",
    RedirectURL:  "YOUR_REDIRECT_URL",
    Scopes: []string{
        "https://www.googleapis.com/auth/bigquery",
        "https://www.googleapis.com/auth/blogger",
    },
    Endpoint: google.Endpoint,
}
// Redirect user to Google's consent page to ask for permission
// for the scopes specified above.
url := conf.AuthCodeURL("state")
fmt.Printf("Visit the URL for the auth dialog: %v", url)

// Handle the exchange code to initiate a transport.
tok, err := conf.Exchange(oauth2.NoContext, "authorization-code")
if err != nil {
    log.Fatal(err)
}
client := conf.Client(oauth2.NoContext, tok)
client.Get("...")

I have two questions :

  • What is the redirect_url? In the Developers Console, I can get my client_id and my client_secret but I don't know what is the redirect_url. Where can I find it?

  • What is the authorization_code? Where can I find it?

Thanks

Community
  • 1
  • 1
iAmoric
  • 1,787
  • 3
  • 31
  • 64

1 Answers1

1

The way OAuth works is,

1) You register you application with the vendor in this case its Google, when you do the registration you will receive a ApplicationID(or clientID) and a secret key. This ApplicationID is the uniqueID for your application in the google app world.

2) when you ask your user to authenticate themselves with google you will redirect the user to the Google Authentication page with you ApplicationID and the redirect URL. Note, here the redirect URL is your page.

3) Once the user Authenticate themselves and provides your application with Authorization, google with redirect the user to your redirect URL with a code.

4) You can think of this code as a identifier of the entire Authentication session

5) Now the user has been Authenticated but how will google know that the ApplicationID that you have passed belongs to you and you are not impersonating someone else, to ensure this you have to pass the code that you received in Step3 back to google along with you ApplicationId and the Secret Key, when you do that Google will authenticate you and ensure that you are the owner of this application and it will then Provide you with a bearer Auth Token and a refresh auth Token.

6) Now the authentication and Authorization is complete and for API calls you can use the bearer token for Authorization and when the bearer token expires you can use the refresh token to get a new bearer token.

Hope this helps

Pharaoh
  • 712
  • 1
  • 9
  • 33
  • Ok I see the process, but in my case I don't have this redirect url (I think). I'm juste developing a client who tries to get some datas from the Google API. I don't understand how it can work with that.. – iAmoric Aug 03 '18 at 08:48
  • you have to pass the redirect url and this has to be your page that needs to be accessible publicly over the internet. – Pharaoh Aug 03 '18 at 08:50
  • Ok thanks. And another little question : is there any way to use the Google API with only the API key ? On the Developers Console I can create a qimple API key – iAmoric Aug 03 '18 at 09:03
  • if google uses oauth, then at the end of the process i described above you will get an Auth token, this token will need to passed in http header when you call the API. Please let me know if this helps – Pharaoh Aug 03 '18 at 09:12
  • 1
    The redirect URL does not to be publicly accessible. It needs to be accessible from the user's browser only. http://localhost works just fine if the app is running locally, for instance. – Peter Aug 03 '18 at 09:45
  • Yup, that makes sense. Thanks, I have edited my answer accordingly – Pharaoh Aug 03 '18 at 10:11
  • Thanks, I will try with localhost – iAmoric Aug 03 '18 at 10:36
  • see if this helps https://stackoverflow.com/questions/19766912/how-do-i-authorise-an-app-web-or-installed-without-user-intervention – pinoyyid Aug 05 '18 at 14:44