Authorizing for Google ToDo List (AuthToken, secid)

Question

I'm trying to get access to the Google's todo feed with this url:

https://www.google.com/calendar/tdl?secid=<SECID>&tdl={%22action_list%22%3A[{%22action_type%22%3A%22get_all%22%2C%22action_id%22%3A%221%22%2C%22list_id%22%3A%2215052708471047222911%3A0%3A0%22%2C%22get_deleted%22%3Afalse}]%2C%22client_version%22%3A-1}

If I open this in my browser with a correct secid, it shows me right what I want.

Now, the question is: how do I get secid programmatically (specifically, in a java program)? I have access to the authToken (from CalendarService), but I have no clue how to use it to authorize my access to the URL above.

I tried to use the url http://google.com/accounts/ServiceLogin, but I didn't find any examples.

Any help, please?

Answer 1

From what I read secid is a session ID obtained from browser's cookies. Whereas your case uses Java which implies a server app. If that is the case, you want to drop the idea of using secid entirely.

Instead, you want to check out Google's OAuth2 documentation. If you are using Java, most likely you would be interested in the web-server OAuth flow. Pay special attention to the sequence diagrams.

The key steps include:

1) Obtain an authorization code from Google OAuth with the user's consent. For that, you redirect the user to Google with the appropriate scope. Check the list of calendar scopes for your case. Once the user consents, Google redirects back to you with an authorization code.

2) Call Google OAuth with the authorization code and your app's credentials to exchange for an access token.

3) Call Google's Calendar API using the access token.

And if you use Google's Java client as suggested by @ChaosPredictor, chances are some of the steps are already wrapped into the Java client (and your code will be much simpler).