Google Drive API Authentication - Make authentication on client?

Question

I am calling the following code on my back end when a user want to access their google drive through my service.

  public static DriveService GetService(string app_userID)
    {

        //get Credentials from client_secret.json file 
        UserCredential credential;
        var path = HttpContext.Current.Server.MapPath(@"~/client_secret.json");
        using (var stream = new FileStream(path, FileMode.Open, FileAccess.Read))
        {
            // The file token.json stores the user's access and refresh tokens, and is created
            // automatically when the authorization flow completes for the first time.
            string credPath = HttpContext.Current.Server.MapPath(@"~/token.json");
            credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
                GoogleClientSecrets.Load(stream).Secrets,
                Scopes,
                app_userID,
                CancellationToken.None,
                new FileDataStore(credPath, true)).Result;
        }

        //create Drive API service.
        DriveService service = new DriveService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
            ApplicationName = "GoogleDriveRestAPI-v3",
        });
        return service;

The problem though is that I think this code is developed to run on the front end app. I get the following error and I think the program tries to open up a web page for authentication but on the back end server.

{
"Message": "An error has occurred.",
"ExceptionMessage": "One or more errors occurred.",
"ExceptionType": "System.AggregateException",
"StackTrace": "   at System.Threading.Tasks.Task`1.GetResultCore(Boolean .......GoogleDrive.GoogleDriveFilesRepository.GetService(String tt_userID) in ,,,
"InnerException": {
    "Message": "An error has occurred.",
    "ExceptionMessage": "Failed to launch browser with \"...(google url)..." for authorization. See inner exception for details.",
    "ExceptionType": "System.NotSupportedException",
    "StackTrace": "   ...
    "InnerException": {
        "Message": "An error has occurred.",
        "ExceptionMessage": "Access is denied",
        "ExceptionType": "System.ComponentModel.Win32Exception",
        "StackTrace": "   at ...

How do I change so that the end user are authenticated on the client side instead? See my set up below.

Note that I still would like to be able to call the API from the back end if possible.

Answer 1

Well, this is how I finally solved it.

The authentication must be done on the client side and therefore also implemented in the java script code. The authentication will result in an authentication code.

Since I do my implementation in vue I used this library: vue-google-oauth2

If you want to implement in javascript directly this tutorial may help (first part up until you get the "code").

The authentication code can be used once for requesting access token. The authentication code needs to be passed to the backend server, in this case by using the API implemented in ASP.NET.

On the backend side I used this library together with this implementation. The only exception is that I set the redirect_uri to "postmessage". With that approach I can get the access token without using a redirect_uri. Not sure of the purpose of redirect_uri. However, no redirect_uri needs to be set in the Google console when using "postmessage".

I used the same clientID on both the server and on the web client. It worked fine but I am not sure if that is how it is supposed to be.

Finally, you need to understand oauth2 to some degree in order to be able to implement oauth2. The diagram at the bottom on this page give a quite good overview. However, if you plan to implement this in a real production environment you should make sure that you master the topic or get help from someone that do.