Google API: Authenticate request with OAuth but without user consent window then request Google data for particular username or user ID

StackOverflow https://stackoverflow.com/questions/23663681

Question

While reading this Implementing OAuth 2.0 Authentication (server side) I noticed the process is probably meant for a scenario where one is creating an app that let's users sign in with their Google credentials and subsequently show their Google+ posts, Youtube videos, etc.

What I need is the ability to fetch Google data based on google user's username or user ID. I do have client_id, client_secret, etc. from Google - and I'm willing to send them along my requests.

Step 1 seems OK. Make a request similar to this:

https://accounts.google.com/o/oauth2/auth?
client_id=1084945748469-eg34imk572gdhu83gj5p0an9fut6urp5.apps.googleusercontent.com&
redirect_uri=http%3A%2F%2Flocalhost%2Foauth2callback&
scope=https://www.googleapis.com/auth/youtube&
response_type=code&
access_type=offline

What would be great after this step is the possibility to just take the code so I can authenticate my request (via Google_Client()->authenticate($_GET['code']); or similar) and then exchange it for the auth_token.

I achieved something similar with Facebook API for PHP for fetching Facebook profile/page public posts - so unlike the sign in with FB process - no user consent is needed nor asked for.

Was it helpful?

Solution

You should be using a service account for this. Accessing the Google APIs using a service account is quite useful. Some times you just want to access your own data and not data owned by other users. In this instance there is no reason to use OAuth2 and prompt a user to give you access to there information, its your information you already have access. This is why we use a service account.

Google Service Account Example with in the PHP client lib can be found here: Example

You don't say exactly which API you are trying to access, and I dislike link only answers. So here is a basic example using the Google Analytics API.

<?php
session_start();
require_once 'Google/Client.php';
require_once 'Google/Service/Analytics.php';

/************************************************
  The following 3 values an befound in the setting
  for the application you created on  Google 
  Developers console.
  The Key file should be placed in a location
  that is not accessable from the web. outside of 
  web root.

  In order to access your GA account you must
  Add the Email address as a user at the 
  ACCOUNT Level in the GA admin. 
 ************************************************/
$client_id = '1046123799103-nk421gjc2v8mlr2qnmmqaak04ntb1dbp.apps.googleusercontent.com';
$Email_address = '1046123799103-nk421gjc2v8mlr2qnmmqaak04ntb1dbp@developer.gserviceaccount.com';
$key_file_location = '629751513db09cd21a941399389f33e5abd633c9-privatekey.p12';

$client = new Google_Client();
$client->setApplicationName("Client_Library_Examples");

$key = file_get_contents($key_file_location);

// seproate additional scopes with a comma
$scopes ="https://www.googleapis.com/auth/analytics.readonly";  

$cred = new Google_Auth_AssertionCredentials(
    $Email_address,
    array($scopes),
    $key
    );

$client->setAssertionCredentials($cred);
if($client->getAuth()->isAccessTokenExpired()) {
    $client->getAuth()->refreshTokenWithAssertion($cred);
}

$service = new Google_Service_Analytics($client);

I have a tutorial that goes along with that code it can be found here. Google Service Account PHP

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top