An Introduction to OAuth 2 and Google APIs


OAuth 2, in simple English, is a protocol that lets third-party applications access a user’s account without the user having to give out their username and password to the application. Let me explain with an example.

The Save Emails addon downloads email messages from a user’s Gmail account to their Google Drive. The addon is the third-party application in this case and it can use OAuth 2.0 to obtain permission from the user to access their Gmail and Google Drive via standard Google APIs. The user can revoke access to the addon anytime. Also, if the user changes the password of their Google account later, the OAuth 2 connection will continue to work.

OAuth 2.0 Flow and Google APIs

The OAuth 2.0 flow is something like this.

  1. You create a new project in the Google Console for your application and generate the client ID and client secret. These keys are known both to your application and Google.
  2. Enable the various Google APIs that your application would use to obtain data from the user’s account. For instance, if you are the admin of a Google Apps domain, you may want to activate the Admin Directory SDK to get a list of all users in the domain.
  3. The application then redirects the browser to a URL on the Google server. Here the user decides whether the application should be granted access to their data or not.
  4. If the user approves, the Google Authorization Server redirects the user back to your application with a single-use authorization code that can be exchanged for a short-lived access token and a refresh token.
  5. Store the tokens in Google Cloud Storage, Firebase, a MySQL database or even the local filesystem for command line applications.
  6. All future requests to the Google APIs should include this access token. The access token expires after some time so your application can use the refresh token to obtain a new access token. The refresh tokens do not expire.

In the next section, we’ll build a simple web application that uses OAuth 2.0 with Gmail API and Google PHP library to generate a list of all labels in the user’s mailbox.

Build OAuth 2 Application with Google APIs

Amit Agarwal

Google Developer Expert, Google Cloud Champion

Amit Agarwal is a Google Developer Expert in Google Workspace and Google Apps Script. He holds an engineering degree in Computer Science (I.I.T.) and is the first professional blogger in India.

Amit has developed several popular Google add-ons including Mail Merge for Gmail and Document Studio. Read more on Lifehacker and YourStory
