google-calendar | Mapsys.info Mapsys.info

OAuth 2.0, Python & Google Data APIs

Since March of this year, Google has supported OAuth 2.0 for many APIs, including Google Data APIs such as Google Calendar, Google Contacts and Google Documents List. Google’s implementation of OAuth 2.0 introduces many advantages compared to OAuth 1.0 such as simplicity for developers and a more polished user experience.

We’ve just added support for this authorization mechanism to the gdata-python-client library– let’s take a look at how it works by retrieving an access token for the Google Calendar and Google Documents List APIs and listing protected data.

Getting Started

First, you will need to retrieve or sync the project from the repository using Mercurial:

hg clone https://code.google.com/p/gdata-python-client/

For more information about installing this library, please refer to the Getting Started With the Google Data Python Library article.

Now that the client library is installed, you can go to your APIs Console to either create a new project, or use information about an existing one from the API Access pane:

Getting the Authorization URL

Your application will require the user to grant permission for it to access protected APIs on their behalf. It must redirect the user over to Google’s authorization server and specify the scopes of the APIs it is requesting permission to access.

Available Google Data API’s scopes are listed in the Google Data FAQ.

Here’s how your application can generate the appropriate URL and redirect the user:

import gdata.gauth

# The client id and secret can be found on your API Console.
CLIENT_ID = ''
CLIENT_SECRET = ''

# Authorization can be requested for multiple APIs at once by specifying multiple scopes separated by # spaces.
SCOPES = ['https://docs.google.com/feeds/', 'https://www.google.com/calendar/feeds/']  
USER_AGENT = ''

# Save the token for later use.
token = gdata.gauth.OAuth2Tokens(
   client_id=CLIENT_ID, client_secret=CLIENT_SECRET, scope=' '.join(SCOPES),
   user_agent=USER_AGENT)

# The “redirect_url” parameter needs to match the one you entered in the API Console and points
# to your callback handler.
self.redirect(
    token.generate_authorize_url(redirect_url='http://www.example.com/oauth2callback'))

If all the parameters match what has been provided by the API Console, the user will be shown this dialog:

When an action is taken (e.g allowing or declining the access), Google’s authorization server will redirect the user to the specified redirect URL and include an authorization code as a query parameter. Your application then needs to make a call to Google’s token endpoint to exchange this authorization code for an access token.

Getting an Access Token

import atom.http_core

url = atom.http_core.Uri.parse_uri(self.request.uri)
if 'error' in url.query:
  # The user declined the authorization request.
  # Application should handle this error appropriately.
  pass
else:
# This is the token instantiated in the first section.
  token.get_access_token(url.query)

The redirect handler retrieves the authorization code that has been returned by Google’s authorization server and exchanges it for a short-lived access token and a long-lived refresh token that can be used to retrieve a new access token. Both access and refresh tokens are to be kept private to the application server and should never be revealed to other client applications or stored as a cookie.

To store the token object in a secured datastore or keystore, the gdata.gauth.token_to_blob() function can be used to serialize the token into a string. The gdata.gauth.token_from_blob() function does the opposite operation and instantiate a new token object from a string.

Calling Protected APIs

Now that an access token has been retrieved, it can be used to authorize calls to the protected APIs specified in the scope parameter.

import gdata.calendar.client
import gdata.docs.client

# Access the Google Calendar API.
calendar_client = gdata.calendar.client.CalendarClient(source=USER_AGENT)
# This is the token instantiated in the first section.
calendar_client = token.authorize(calendar_client)
calendars_feed = client.GetCalendarsFeed()
for entry in calendars_feed.entry:
  print entry.title.text

# Access the Google Documents List API.
docs_client = gdata.docs.client.DocsClient(source=USER_AGENT)
# This is the token instantiated in the first section.
docs_client = token.authorize(docs_client)
docs_feed = client.GetDocumentListFeed()
for entry in docs_feed.entry:
  print entry.title.text

Google Tasks API and OAuth 2.0

Since we launched the Google Tasks API we have received a warm welcome from the developer community on the public forum, and a lot of question on how to make it work with OAuth 2.0 on Android. Let’s see how this can be done.

Android has its own native authorization flow and its own way of handling Google accounts as you can register them on your device. Since Android 2.0, the AccountManager manages the accounts that you have registered – the ones that are listed under Settings > Accounts & sync. Specifically, it handles the authorization flow and can generate authorization tokens that are required to access data using APIs.

Accounts registered in your Android environment

You can use the AccountManager to get the Google account you want to access the Tasks for. Though as the AccountManager also manages accounts from other vendors you can simply instantiate a GoogleAccountManager which is provided in the Google APIs Client library for Java and only handles Google accounts:

GoogleAccountManager googleAccountManager = new GoogleAccountManager(

  activity);

Account[] accounts = accountManager.getAccounts();

If more than one Google accounts are available on the Android device you should prompt the user for the account he wishes to use through a dialog.

Now that the user has chosen an account (or if there was only 1 Google account) you can ask the AccountManager to issue an authorization token for the Tasks API. This is done by calling the AccountManager.getAuthToken() method. The AccountManager will take care of contacting the Google APIs authorization endpoint and run the AccountManagerCallback that you have defined in the method call when it has retrieved an authorization token:

googleAccountManager.manager.getAuthToken(account, AUTH_TOKEN_TYPE, null,

  activity, new AccountManagerCallback() {

    public void run(AccountManagerFuture future) {

    try {

      // If the user has authorized your application to use the tasks API

      // a token is available.

      String token = future.getResult().getString(

        AccountManager.KEY_AUTHTOKEN);

      // Now you can use the Tasks API...

      useTasksAPI(token);

    } catch (OperationCanceledException e) {

      // TODO: The user has denied you access to the API, you

      // should handle that

    } catch (Exception e) {

      handleException(e);

    }

  }

}, null);

The Android AccountManager has support for OAuth 2.0. A user friendly AUTH_TOKEN_TYPE exists for the Tasks API which will make the AccountManager return an OAuth 2.0 access token:

String AUTH_TOKEN_TYPE = ”Manage your tasks”;

During the AccountManager.getAuthToken() call the AccountManager will check if your application has been authorized to access the Tasks API. If your application has not yet been authorized the user will be presented with an authorization dialog so that they can Allow or Deny your application to use the Tasks API on their account.

Authorization dialog

Another piece of getting the Tasks API to work using OAuth 2.0 on Android is that you also need to specify an API Key when making calls to the Tasks API. The API Key is mandatory as it identifies your application and therefore allows the API to deduct quota and use the quota rules defined for your project. You can get it from the Google APIs Console at API Access > Simple API Access > API Key. You need to specify the API Key on your Tasks service Object:

useTasksAPI(String accessToken) {

  // Setting up the Tasks API Service

  HttpTransport transport = AndroidHttp.newCompatibleTransport();

  AccessProtectedResource accessProtectedResource = 

    new GoogleAccessProtectedResource(accessToken);

  Tasks service = new Tasks(transport, accessProtectedResource, 

    new JacksonFactory());

  service.setKey(INSERT_YOUR_API_KEY);

  service.setApplicationName("Google-TasksSample/1.0");


  // TODO: now use the service to query the Tasks API

}

At this point you should have a fully setup Tasks API service Object which you can use to query the API as per the Tasks API developer’s Guide.

If you would like to get more tips and learn more about getting the Google Tasks API and OAuth 2.0 working on Android please have a look at our newly published article.

Also we recently added a new sample to the Google APIs Client Library for Java sample repository to help you getting started with the Tasks API and OAuth 2.0 on Android.

The New Google Calendar Appointment Slots

Places and similar products have slowly been moving towards becoming a transaction environment. Last November Google rolled out, on a limited basis, a hotel booking feature. In December, Bing introduced a restaurant reservation system on their Place page equivalent. This spring when Google added rich snippet events to the Places page, they integrated the ability to easily add those events to a user’s personal calendar.

On Monday Google rolled out appointment slots for Calendars. This feature allows you to not only publicly make your appointment slots visible to the others to see but also allows other Google Calendar users to book a segment of your time. BusinessInsider pointed out that the feature will very likely be a big hit with students looking to schedule a meeting with a teacher.

But as reader @brazil_83 pointed out to me that is likely just the beginning. He noted that it “seems like Google [is] getting close to providing scheduling for more complex activ: spa, golf, restos – anything social”.

Clearly this appointment slot feature is a critical piece of infrastructure. When viewed in light of the Places hotel bookings and the event/G calendar integration features, this puts Google one fairly short step away from adding an appointment feature on your Places page for a whole raft of business related activities from massages to scheduling your dish washer repair.

Every time a consumer touches a Place page is an opportunity for Google to insert themselves in the local sales process. This new capability, when (if?) added to Places, is one that arguably could remove friction in the local buying process, increase Google’s supply of local (time) inventory information and provide a perfect nexus for additional revenue for Google.