Geek Answers Handbook

Does Omniauth-google-oauth2 just allow authentication or does it meet the API requirements?

I find it difficult to understand the concept of OAuth2. I read about this handshake process a hundred times. I can enter my application using the google account, but after that I need to access the Google API (read data from the Google spreadsheet in the same account that I logged in with and with whom I included spreadsheets in the area: strategy readme).

I am currently using Omniauth and the omniauth-google-oauth2 strategy; it works great; it pulls up the authentication / login screen of Google, and when I return to the callback link, I save [omniauth] [credentials] [token].

What is the best way to use this token to work with the Google Docs API?

Is this the right approach?

+4
source share
3 answers

I consider Oauth2 "a way to get a user password in order to verify its existence on my site."

So, instead of your user model having a password column, in fact, it uses Google to say "this guy is cool."

Now, what does this have to do with API calls, you're curious ... me too.

If I remember, there is a Refresh token that lasts more than 20ms of authentication and will allow you to access your Google Docs if the Google api allows you to do this.

Having said all this: if google needs its token, plus your API token to access your spreadsheet, I would put it in a session.

But if their API said to store the spreadsheet in scope, then it should say something about how to use all this together, no?

Additional changes

Google Spreadsheets Oauth 2.0 is the authentication part here, with the thread. Pay attention to some updated tokens. I would look at that.

It says that you need to store it somewhere, and I would choose a session, or if you are somewhere completely paranoid db column, but not sure if it is. Just spitballing here.

Final editing

It even causes people who help Oauth 2.0 to disagree / get it conceptually.

+1
source

You may find a gem that wraps the Google APIs to simplify your tasks.

Here's the one that works with Google Drive and spreadsheets .

+1
source

The google-drive-ruby gem mentioned by @Galen seems to work well with the google-oauth-2 provider:

Assuming you already save the token in the session in the callback handler, for example

auth = request.env["omniauth.auth"] session[:token] = auth["credentials"]["token"]

then you can use it to create a session and access the sheet:

  require 'googleauth' session = GoogleDrive::Session.from_access_token(token) worksheet = session.spreadsheet_by_key(spreadsheet_id).worksheet_by_title(worksheet_name) ...etc

Hope this helps.

0
source

More articles:


All Articles