NAME

goauth - CLI tool with mini http server for negotiating Google OAuth2 Authorisation access tokens that allow offline access to Google API Services on behalf of the user.

VERSION

version 0.27

SUMMARY

Supports multiple users OAuth2 for Google. You can find the key (CLIENT ID) and secret (CLIENT SECRET) from the app console here under "APIs & Auth" and "Credentials" in the menu at https://console.developers.google.com/project.

Included as a utility within the CPAN Webservice::GoogleAPI::Client Bundle.

QUICK START

Simply run from the command line

goauth

Optionally you can provide an alternate filename to the default gapi.json as a parameter.

goauth my_differently_named_gapi.json 

Once installed as part of the WebService::GoogleAPI::Client bundle, this tool can be run from the command line to configure a Google Project to access a Project configuration that allows authenticated and authorised users to grant permission to access Google API services on their data (Email, Files etc) to the extent provided by the Access Scopes for the project and the auth tokens.

In order to successfully run goauth for the first time requires the following Google Project configuration variables:

  • Client ID

  • Client Secret

  • List of Scopes to request access to on behalf of users ( must be a subset of those enabled for the project. )

You must also add whatever URL you end up accessing goauth from as a valid Redirect URI in your Google Cloud Console. You can get there from https://console.cloud.google.com/apis/credentials, and then clicking edit on the OAuth Client ID that you're using for this project.

You need to add something like

http://localhost:3001/

with the port number set to whichever goauth ends up picking. (This is assuming that you typed http://localhost:3001 in your browser when you opened it, it won't work if you typed in 127.0.0.1:3001).

If not already available in the gapi.json file, you will be prompted to supply these as the file is created.

Once this configuration is complete, the goauth tool will launch a mini HTTP server to provide an interface to request users to authorise your project application.

Once you have succesfully created a gapi.json file and have authenticated a user that is represented in this file then you can start making Google API Requests.

See WebService::Google::Client for more detail.

gapi.json

The ultimate output of this is the gapi.json file that contains both the Google Project Specification as well as the authorised user access tokens. The file describes a set of scopes that must all be configured as available to the Project through the Google Admin Console. You may have multiple gapi.json files for the same project containing a different subset of scopes. The gapi.json file also contains the authorisation tokens granted by users. Multiple users can be described within a single gapi.json file. If users exist across multiple gapi.json files for the same project then (I believe) only the most recently granted set of scopes will be usable.

The user can revoke permissions granted to a project ( Application ) by visiting https://myaccount.google.com/permissions.

This file can be used to access Google API Services using the WebService::Google:API:Client Google API Client Library.

References

* probably originally based on https://gist.github.com/throughnothing/3726907

AUTHOR

Veesh Goldman <veesh@cpan.org>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2017-2023 by Veesh Goldman and Others.

This is free software, licensed under:

The Apache License, Version 2.0, January 2004