Following our previous post on OAuth 2.0 for web applications, we are now taking a look at how to use the OAuth 2.0 authentication protocol for native applications, presenting examples for the languages that we are supporting at the moment of writing: Java and Python.
Background
We strongly recommend reading Using OAuth 2.0 to Access Google APIs to learn about the Google implementations of OAuth 2.0 before proceeding with this post.
Java
The Google APIs Client Library for Java features a powerful and easy to use OAuth 2.0 library. We can take advantage of the existing GoogleOAuth2ThreeLeggedFlow helper class to easily perform our authentication flow.
First create an instance of GoogleOAuth2ThreeLeggedFlow, passing the following parameters to the constructor:
- a key that will be used to associate this flow object with an end user
- the Client ID for your application
- the Client Secret for your application
- the scope you are requesting access to (AdSense in your case)
- the URI to redirect to
GoogleOAuth2ThreeLeggedFlow authFlow = new GoogleOAuth2ThreeLeggedFlow( userId, "INSERT_CLIENT_ID_HERE", "INSERT_CLIENT_SECRET_HERE", "https://www.googleapis.com/auth/adsense", "urn:ietf:wg:oauth:2.0:oob");
For native applications, we use a special redirect URI:
"urn:ietf:wg:oauth:2.0:oob"
The “oob” part stands for “out of band” and the rest of the string identifies it as a part of the OAuth 2.0 standard.
When we use this redirect URI, instead of redirecting the user’s browser to a page on our site with an authorization code, Google will display a page and the authorization code or error response in the title of the page. A text field contained in the page will show instructions for the user to copy and paste it into our application.
To start the flow, let’s ask the user to load the authorization URL in their browser:
System.out.println(“Please input authorization code: ”); Scanner in = new Scanner(System.in); String authorizationCode = in.nextLine();
The last step is to use the authorization code to obtain an access token.
First you’ll need to initialize a transport for communication with the Authorization server and a factory for handling JSON, as the access token will be returned as a JSON object:
JsonFactory factory = new JacksonFactory(); HttpTransport transport = new NetHttpTransport(); authFlow.setHttpTransport(transport); authFlow.setJsonFactory(factory);
Now you can finalize the authentication flow by obtaining credentials for your user, and then use those credentials to create the Adsense helper object and then send your signed requests to the API:
Credential credential = authFlow.complete(authorizationCode); Adsense adsense = new Adsense(transport, credential, factory); AdClients adClients = adsense.adclients.list().execute();
Python
The home of the Google APIs Client Library for Python is also the home of OAuth2Client, a library designed for connecting to resources protected by OAuth 2.0.
First create an OAuth2WebServerFlow object, passing the following parameters to the constructor:
- the Client ID for your application
- the Client Secret for your application
- the scope you are requesting access to (AdSense in your case)
- an HTTP User-Agent to identify this application
flow = OAuth2WebServerFlow( client_id='INSERT_CLIENT_ID_HERE', client_secret='INSERT_CLIENT_SECRET_HERE', scope='https://www.googleapis.com/auth/adsense', user_agent='your-beautiful-python-app/1.0')
We can perform the authentication calling the ‘run’ function imported from oauth2client.tools, storing the authentication data using a Storage object:
storage = Storage(‘adsense.dat’); credentials = run(flow, storage);
If the flag ‘auth_local_webserver’ is raised (the default setting), oauth2client.tools will open the authentication URL on a running browser or on the system default browser. After the user performs the authentication, the authorization code will be read from the title of the page shown in the browser. If you don’t want this behaviour, you can disable it like this:
import gflags gflags.FLAGS.auth_local_webserver = False
In this way we’ll have a flow similar to the one that we have seen in Java: the user will be asked to open the authentication URL in a browser window and then to copy and paste the authorization code back in the application. The only difference is that oauth2client.tools will take care of printing these messages and read the input from the user for us.
The last step is create an httplib2.Http object, authorize it with the previously obtained credentials and then send a request to the API:
http = httplib2.Http() http = credentials.authorize(http) service = build(‘adsense’, ‘v1’, http=http) result = service.adclients().list().execute()
Cool! But I want to know more!
In this post we have seen examples of how to authenticate your native application using the Google implementation of the OAuth 2.0 protocol and the libraries that we are providing to simplify all of the tasks involved.
Now that we know how to perform authentication for both web and native applications, in my next post we are going to see different ways of storing the authentication data.