Google Authentication with CURL 3


Please Share



Google OAuth LargeOccasionally while working on a project I have need to test some calls to Googles APIs manually. To do that you need an access token.    Getting an Access token can be a pain sometimes.

So i have created a simple CURL script that will show you how to authenticate to Google and get an access token.

You will need to go to Google developer console and create a client id for this its easier to use a type other client.   By using type other we can avoid the need for a redirect URI, we don’t really need one as we are just going to run this as a curl script.     If you are really worried about security you can lock the client to your ip address.

Prerequisites

What you need are the following:

  • Client ID
  • Client Secret
  • Scopes –  the scopes define what access you will receive.  you can have more then one just put a space between them.  For this i am just going to use openid.

Requesting Authorization

Now replace the values needed in the following link and put it in a web browser

https://accounts.google.com/o/oauth2/auth?client_id=[Application Client Id]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=[Scopes]&response_type=code

Exchanging Authentication code

You should get the standard request for authentication.   Once you have accepted authentication copy the Authentication code.   Take the following code replace the values as needed.

curl \
–request POST \
–data “code=[Authentcation code from authorization link]&client_id=[Application Client Id]&client_secret=[Application Client Secret]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code” \
https://accounts.google.com/o/oauth2/token

You should get something like this:

{
“access_token”:“XXXXX”,
“expires_in”:3600,
“id_token”:“XXXXX”,
“refresh_token”:“XXXXX”,
“token_type”:“Bearer”
}

Congratulations you now have an access token you can use in your Google API call.   Just remember to use access_token=  and not key=  there is a difference.

Use Refresh Token

If your access token expires you can use the following command to refresh it using the Refresh token.

curl \
–request POST \
–data ‘client_id=[Application Client Id]&client_secret=[Application Client Secret]&refresh_token=[Refresh token granted by second step]&grant_type=refresh_token’ \
https://accounts.google.com/o/oauth2/token

The response will be slightly diffrent this time.  You wont get a new Refresh token.

{
“access_token” : “XXXXX”,
“expires_in” : 3600,
“id_token” : “xxxxx”,
“token_type” : “Bearer”
}

Conclusion

We can use a couple of simple curl commands to get an access token for use with Google APIs.     There is a public Gist up on Github for this GoogleAuthenticationCurl.sh

Please Share


Linda Lawton

About Linda Lawton

My name is Linda Lawton I have more than 20 years experience working as an application developer and a database expert. I have also been working with Google APIs since 2012 and I have been contributing to the Google .Net client library since 2013. In 2013 I became a a Google Developer Experts for Google Analytics.


Leave a comment

Your email address will not be published. Required fields are marked *

3 thoughts on “Google Authentication with CURL

  • Fred

    Its important to note that some of these characters are not ascii-text characters, and may cause errors if you copy and paste it. In addition, there should be a “–” before “request” and “data”; not a single dash. Other than that, this guide should work.

    • Linda Lawton
      Linda Lawton Post author

      You would need to authenticate it once then save the refresh token you wont need to authenticate again after that. Or figure out how to do service account authentication. I haven’t had the time to work out service account authentication in curl myself. However if you get it working i would love to see it.