Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Managing Access Token with Google Drive Oauth 2.0

I'm using Google API Java Client to manage access to Google Drive API from Google App Engine in Java.

I get a user access token and refresh token and save both in our database. Although, I think only the refresh token needs to be persistent.

How do I manage Access token expiration? What do you think of this strategy:

  • Once I have logged into my web application, I get an Access token from my refresh token and I store it in the session. How must I create a Google credential object from refresh token stored in Database?

  • When I access Drive operations, in case of expiration, I capture the 401 exception to re-create the Access Token

I have read about Credential and Credential Store but it seems it's deprecated. Now this must be used: StoredCredential. Does anyone have a sample using this new interface?

Thanks.

like image 877
Diego Jovanovič Avatar asked Apr 15 '14 12:04

Diego Jovanovič


People also ask

How do I get an OAuth 2.0 authentication token?

To get a token for a Server Application client, make a POST request to the Panopto Oauth2 token endpoint. The post request should be sent with a content type of x-www-form-urlencoded, and include the following parameters: grant_type: The method you are using to get a token.


1 Answers

if you're using the Drive API library, it will handle the 401 exceptions for you, as long as you give it a credential with access and refresh token.

Here's how to build a Credential object with the StoredCredential . You can use an implementation different than MemoryDataStoreFactory :

public class ApiCredentialManager {
    private DataStore<StoredCredential> dataStore;
    
        //Put your scopes here
        public static String[] SCOPES_ARRAY = { "https://www.googleapis.com/auth/admin.directory.user" };
    
        private ApiCredentialManager() {
    
            try {
                dataStore = MemoryDataStoreFactory.getDefaultInstance().getDataStore("credentialDatastore");
            } catch (IOException e) {
                throw new RuntimeException("Unable to create in memory credential datastore", e);
            }
        }
    
        public static ApiCredentialManager getInstance() {
            if (instance == null)
                instance = new ApiCredentialManager();
    
            return instance;
        }
    
        public Credential getCredential(String username) throws Exception {
            try {
                GoogleCredential credential = new GoogleCredential.Builder()
                        .setTransport(new NetHttpTransport())
                        .setJsonFactory(new JacksonFactory())
                        .addRefreshListener(
                                new DataStoreCredentialRefreshListener(
                                        username, dataStore))
                        .build();
                
                if(dataStore.containsKey(username)){
                    StoredCredential storedCredential = dataStore.get(username);
                    credential.setAccessToken(storedCredential.getAccessToken());
                    credential.setRefreshToken(storedCredential.getRefreshToken());
                }else{
                    //Do something of your own here to obtain the access token.
                    //Most usually redirect the user to the OAuth page
                }
                
                return credential;
            } catch (GeneralSecurityException e) {
                throw new Exception("isuue while setting credentials", e);
            } catch (IOException e) {
                e.printStackTrace();
                throw new Exception("isuue while setting credentials", e);
            }
        }
        
        //Call this when you've obtained the access token and refresh token from Google
        public void saveCredential(String username, Credential credential){
            StoredCredential storedCredential = new StoredCredential();
            storedCredential.setAccessToken(credential.getAccessToken());
            storedCredential.setRefreshToken(credential.getRefreshToken());
            dataStore.set(username, storedCredential);
        }
}
like image 106
David Avatar answered Sep 29 '22 01:09

David