After user granted/allowed to access their calendar, google auth is responding with the callback URL with code.
Let's say two users are trying to give access to their calendar at the same time, the server will receive two callback request from google with code. In this case, how to identify the user from whom this callback is received?
I need to store the access_token and refresh_token along with the user email to synchronize the calendar events.
Any ideas?
There are a few ways to do this.
One is, you might ask the user to authorize sharing his or her email address along with calendar information. That solution is discussed here: Google OAuth API to get user's email address?.
Another is, you could directly validate the access_token and get the user ID that way. You could invoke the https://developers.google.com/apis-explorer/#search/oauth2/oauth2/v2/oauth2.tokeninfo endpoint. I am not sure whether this user ID is an E-mail address; it may be an opaque ID that they use to represent the user. Depending on your needs (are you just looking for a unique identifier?) that could work for you as well.
Finally, you can always retrieve the user's primary calendar using the primary keyword, and the id of that calendar will be the user's E-mail address. That's certainly a hack, but might unblock you for now.
Below is the code snippet used
public void authoriseCode(String code) throws IOException {
TokenResponse tokenResponse = flow.newTokenRequest(code).setRedirectUri(redirectURI).execute();
Credential credential = new GoogleCredential().setAccessToken(tokenResponse.getAccessToken());
Calendar calendar =
new Calendar.Builder(HTTP_TRANSPORT, JSON_FACTORY, credential)
.setApplicationName(APPLICATION_NAME)
.build();
String email = calendar.calendars().get("primary").execute().getId();
...
}
Another best way is to use the state parameter. We can pass state while submitting the request and in response, API will contain the state. Which would be session id or unique id to identity the actual request.