✅ Authenticating using OAuth
Does anyone have any resources on authenticating using OAuth? I wanna interact with the Google Workspaces APIs which require OAuth authentication, but I have no idea how to properly set it up. I have the OAuth2 client secret and ID set up, I'm just unsure of how to use it.
33 Replies
What are you trying to connect with the oauth
Like are you doing a backend to backend or is it a client
I'm not an expert, but I thought it was a simple system of auth with original token, get back auth token, refresh that when it expires?
A client
A desktop one?
ye
I've read through this article and think I get how it works, but there's not reference for how to authenticate and stuff.
https://developers.google.com/workspace/guides/auth-overview
You will need to spin up a webserver in you client so you can listen to the callback from the oauth
Webserver? Like ASP.NET...? Or some other kind of server?
A simple httplistener is enough
I'm aiming for this to be a simple CLI tool, so it's not gonna be long-running.
And the listener just need to stay alive for the auth process
ah
When it's done and you have the token it is fine
So I set up an HTTP listener for the auth process, then discard it when it's done?
Yeah.
And for handling 80% of the process (except the httplistener part hahaha) you can use something like IdentityModel https://identitymodel.readthedocs.io/
Oh also, while I'm at it, would there be a way to store the token somewhere persistent such that the user doesn't need to log in on every invocation of the tool?
Well tokens have a short lifetime
What I'm imagining is like
They won't have to do a full login everything
ah, that's what the refresh token does?
*everything
*EVERYTIME
Fuck you corrector
Yes
But as I was going to say
It is not an issue to not keep it in memory because :
If they are connected to Google they won't need to re-log
It will just send you back a new auth token
So it'll be essentially invisible on subsequent runs?
Kinda
It will still open a browser tab
(But you can make it so it closes by having js in it)
hm, doesn't sound ideal but sure ig
This is very ugly, screened and not syntax highlight example
cool
Well, I still have the problem that I have no idea what url to actually call to authenticate 
The RefreshTokenHandler handles asking a new token when your http request gets a 401
Google should have give it to you
But IdentityModel handles that for you also
It has built-in support for Google APIs?
Yesnt. It handles oidc standard
As long as you manage to find the Authority url in your doc you are fine
Also there might be libs more specialised that handle Google
My solution is more like general oidc/oauth
Yeah but I can't find it
I've tried sending a request to the Tasks API and got back a 401 response (duh) which says something about
Bearer realm=https://accounts.google.com
Either I'm blind or it just does not say what the authority url is
https://developers.google.com/identity/protocols/oauth2
Wait there does seem to be a C# lib for itgot the wellknown
finally
https://accounts.google.com/.well-known/openid-configuration
so using this as the authority: https://accounts.google.com
will make any proper OIDC lib grab the well-known config
and do the magic mostly alone
Actually I installed the API wrapper lib by following the sample in the docs and everything works just fine
The library's DTOs are horrible tho 