Authenticating with Google using OAuth2

I spent a fair amount of time a few days ago attempting to figure out how to authenticate with Google so that I could write an app that would be able to download RSS feeds automatically from Google Reader. A number of documents that I read were old and out of date and discussed ways of doing it that are no longer relevant, and it took me one hell of a long time to figure out that it’s actually quite simple, and that you don’t need to use an API to do it. Indeed, I found it was vastly easier to not use an API, as they just confused things.

First off, why would you want to integrate with Google? Well, for my purposes, I wanted to read an RSS feed from a forum, but the RSS feed from this forum only gives me the last 25 posts, and if the app didn’t run often enough, it would miss posts to the forum if there had been more than 25 posts since it last ran. Google Reader resolves that problem for me, because it polls the RSS feed relatively often and therefore saves all posts, allowing me to get access to a historical set of posts.

It turns out there are a hell of a lot of Google services that you can engage with programmatically, and to find a list of those available, the word you’re looking for is “scope”. Ultimately, the “scope” your app works within defines the Google services that your app can use.

Fundamentally, if you have a web app that wants to use a Google service, all you do is redirect your user to Google where they will agree (or not) to provide access to that “scope”, or service, and then they are redirected back to your web app. Your web app then exchanges data with Google to finish the initial handshake, and at that point it can start to download data.

You don’t have to do this using JavaScript. A lot of the examples seem to suggest that you can only do this with JavaScript from a browser, but this isn’t the case. You also don’t need to use the API software that Google provide. The Java one is just horrific in terms of size and confusion. All you need to do is read a couple of documents that explain the flow of how to get it going.

First, a general description. I’ll be honest, I found this one to be confusing and of no use, but I thought I’d link to it anyway.

The one I found the most useful, and which got me 99% of everything I needed to know, was the web server document, which shows you in low-level detail what your GET and POST requests need to look like, including HTTP headers. If you have that, you don’t need a confusing API which is most likely written by someone with a specific purpose in mind. Not only that, but I found the APIs took me longer to understand than just reading that web server document and giving it a try.
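The redirect, callback and exchange described above, sketched with nothing but the Python standard library. This is an added example, not code from the original post: the endpoints are Google's documented OAuth 2.0 URLs, the `state` check is standard OAuth 2.0 practice (it ties the callback to the redirect your app issued), and the client id, secret, callback URL, scope and code are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Google's documented OAuth 2.0 endpoints for the web server flow.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"


def build_auth_url(client_id, redirect_uri, scope, state):
    """Step 1 (GET): the URL the user's browser is redirected to for consent."""
    return AUTH_ENDPOINT + "?" + urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "scope": scope, "state": state})


def read_callback(callback_url, expected_state):
    """Step 2: parse the redirect back to the app; return the code or raise."""
    query = parse_qs(urlparse(callback_url).query)
    returned = query.get("state", [""])[0]
    # Constant-time compare: reject callbacks that do not carry our own state.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in query:  # the user declined, e.g. error=access_denied
        raise PermissionError(query["error"][0])
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Step 3 (POST, server to server): swap the code for tokens."""
    body = urlencode({
        "grant_type": "authorization_code", "code": code,
        "client_id": client_id, "client_secret": client_secret,
        "redirect_uri": redirect_uri})
    return TOKEN_ENDPOINT, {"Content-Type": "application/x-www-form-urlencoded"}, body


if __name__ == "__main__":
    # Constructed placeholder values; nothing here contacts Google.
    cid, secret, cb = "CLIENT_ID_PLACEHOLDER", "SECRET_PLACEHOLDER", "https://app.example/cb"
    state = secrets.token_urlsafe(32)  # keep this in the user's session
    print(build_auth_url(cid, cb, "SCOPE_PLACEHOLDER", state))
    code = read_callback(cb + "?" + urlencode({"state": state, "code": "CONSTRUCTED_CODE"}), state)
    url, headers, body = build_token_request(code, cid, secret, cb)
    print("POST", url, headers, body)
```

The token request carries the client secret, so it is sent from the server over HTTPS and never from the browser.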

One additional page I found, which might have been useful during my investigations, is an OAuth 2.0 playground. I didn’t ever use it as I just wrote the web app in a “suck it and see” way, but it might well be useful for you.

Ultimately, integrating with Google and authenticating using OAuth 2.0 was pretty simple, but it took an age to find out that this was the way to go. Google’s own results when I was trying to figure out how to do it took me down too many dead ends, but as of today (30-Dec-12), OAuth 2.0 is the way they are doing it right now.
