I'm using GoogleSignInClient in my Android app to authenticate users and simultaneously requesting access to Blogger with a Scope and an Authorization code.
Here is the code:

    GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
            .requestEmail()
            .requestServerAuthCode(getString(R.string.web_client_id))
            .requestScopes(new Scope("https://www.googleapis.com/auth/blogger"))
            .build();
    mGoogleSignInClient = GoogleSignIn.getClient(this, gso);
    signInButton = findViewById(R.id.sign_in_button);
    signInButton.setSize(SignInButton.SIZE_STANDARD);
    signInButton.setOnClickListener(new View.OnClickListener() {
        @Override
        public void onClick(View view) {
            Intent signInIntent = mGoogleSignInClient.getSignInIntent();
            startActivityForResult(signInIntent, RC_SIGN_IN);
        }
    });

After the user has successfully signed in, I'm getting an Authorization code:

    GoogleSignInAccount acct = GoogleSignIn.getLastSignedInAccount(getApplicationContext());
    String auth_code = acct.getServerAuthCode(); // it gives code like 4/0Ay0e-g5p.....

Up to this point there is no problem. But now, how can I use this Authorization code to exchange it for an access token and a refresh token?
I saw some Stack Overflow code and did this:

    String TOKEN_URL = "http://www.googleapis.com/oauth2/v4/token";
    OkHttpClient client = new OkHttpClient();
    RequestBody requestBody = new FormEncodingBuilder()
            .add("grant_type", "authorization_code")
            .add("client_id", String.valueOf(R.string.web_client_id))
            .add("client_secret", "[my client serect code]")
            .add("code", auth_code)
            .add("redirect_uri", "")      //which uri should I give here since it is an android app?
            .add("id_token", idToken)
            .build();
    Log.e(TAG, "requestbody is setted");

    final com.squareup.okhttp.Request request = new com.squareup.okhttp.Request.Builder()
            .header("content-type", "application/x-www-from-urlencoded")
            .url(TOKEN_URL)
            .post(requestBody)
            .build();
    client.newCall(request).enqueue(new Callback() {
        @Override
        public void onFailure(Request request, IOException e) {
            Log.e(TAG, "onFailure: " + e.toString());
        }

        @Override
        public void onResponse(Response response) throws IOException {
            Log.e(TAG, "onResponse: " + response.toString());
        }
    });

When I run this app, I'm getting a 403 error. This is my error log:

    Response{protocol=http/1.1, code=403, message=Forbidden, url=http://www.googleapis.com/oauth2/v4/token}

Here I'm using a Web server type OAuth 2.0 Client ID since I need a client secret, but I also created an OAuth 2.0 Client ID for Android and gave it the package name and SHA-1 key. Now my doubts are:

- How can I get a refresh token and an access token from Android?
- Since it is an Android app, which redirect_uri should I give, if one is needed?
- Is there any library for Android to achieve this?

Please help me, someone... Thanks in advance.