How to use Google Oauth2 access_token?

Question

I'm building a SSO setup for a web app. I can login known users and create new unknown users via https://www.googleapis.com/oauth2/v1/userinfo.

I get back a response like this:

{
    "access_token":"1/fFAGcxxxxxxxxxxxxxxxxxxx",
    "expires_in":3920,
    "token_type":"Bearer",
    "refresh_token":"1/xEoDL4iW3cxlI7yDbSRFYxxxxxxxxxxxxxxxxxxx"
}

So I get the user:

url = 'https://www.googleapis.com/oauth2/v1/userinfo?access_token=%s' % a['access_token']
req = urllib2.Request( url )
opener = urllib2.build_opener( urllib2.HTTPSHandler( debuglevel=0 ) )
req = opener.open( req )
reply = req.read()
req.close()
a = json.loads( reply )

That gives me the user's info and permission to access their GMail via my initial scope. But does this method of acquiring the user allow access to the user's GMail via imap?

http://code.google.com/apis/gmail/oauth/protocol.html

Does the access_token I'm getting allow access to that? I don't see where to use the 'access_token' now that I have it.

Answer 1

(Not sure if you still need an answer to this, but just in case...)

While most Google APIs can now authenticate using OAuth2, the Google IMAP client only supports OAuth 1. This requires not only an access token, but also a token 'secret'; you don't get that with the OAuth2 response (since you don't need it), which means it's pretty much useless to you.

What you can do is use OAuth 1; this is still supported by Google, although it doesn't have all the bells and whistles of OAuth2. The details of using it are at the link you mentioned (which now redirects to https://developers.google.com/google-apps/gmail/oauth_protocol). I would strongly recommend you use a known library for this, such as python-oauth2 (which, despite the name, uses OAuth 1).