So, I am building a simple system consisting of an Android application and a Java EE RESTful service, and I had terrible authorization problems with Google. I implemented Google+ Sign-In, and it works well on the client side, that is, I can get the user's email address, a JWT idToken and a server authentication code, which I would like to exchange for access and refresh tokens and save in my database. This is done as follows:
mGoogleApiClient = new GoogleApiClient.Builder(this)
        .addApi(Plus.API)
        .addScope(Plus.SCOPE_PLUS_LOGIN)
        .addScope(Plus.SCOPE_PLUS_PROFILE)
        .addConnectionCallbacks(this)
        .addOnConnectionFailedListener(this)
        .requestServerAuthCode(SERVICE_CLIENT_ID, this)
        .build();
mGoogleApiClient.connect();
After a successful connection, onUploadServerAuthCode is called.
@Override
public boolean onUploadServerAuthCode(String idToken, String serverAuthCode) {
    // idToken and serverAuthCode are uploaded to the server from here
    return true;
}
Then on my server side I use the code:
https://developers.google.com/drive/web/credentials
String CLIENTSECRET_LOCATION = "/WEB-INF/classes/client_secret.json";
String REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob";
List<String> SCOPES = Arrays.asList("https://www.googleapis.com/auth/plus.login");

GoogleAuthorizationCodeFlow getFlow() throws IOException {
    if (flow == null) {
        InputStream in = context.getResourceAsStream(CLIENTSECRET_LOCATION);
        GoogleClientSecrets clientSecret = GoogleClientSecrets.load(
                JSON_FACTORY, new InputStreamReader(in));
        flow = new GoogleAuthorizationCodeFlow.Builder(HTTP_TRANSPORT,
                JSON_FACTORY, clientSecret, SCOPES)
                .setAccessType("offline").setApprovalPrompt("force")
                .build();
    }
    return flow;
}

Credential exchangeCode(String authorizationCode)
        throws CodeExchangeException {
    try {
        GoogleAuthorizationCodeFlow flow = getFlow();
        GoogleTokenResponse response = flow
                .newTokenRequest(authorizationCode)
                .setRedirectUri(REDIRECT_URI).execute();
        return flow.createAndStoreCredential(response, null);
    } catch (IOException e) {
        System.err.println("An error occurred: " + e);
        throw new CodeExchangeException(null);
    }
}
: client_secret.json Android-:
{
    "installed": {
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://accounts.google.com/o/oauth2/token",
        "client_email": "",
        "redirect_uris": ["urn:ietf:wg:oauth:2.0:oob", "oob"],
        "client_x509_cert_url": "",
        "client_id": "243714256753-lqcm63mXXXXXXXXXXXXXXXXXXXXXXXXX.apps.googleusercontent.com",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs"
    }
}
In exchangeCode(String), GoogleAuthorizationCodeTokenRequest.execute() throws TokenResponseException: 401 Unauthorized
: client_secret.json :
{
    "private_key_id": "77bee9dXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "private_key": "-----BEGIN PRIVATE KEY-----\nMIICdgIBADANBgk ... \u003d\u003d\n-----END PRIVATE KEY-----\n",
    "client_email": "243714256753-g21p1XXXXXXXXXXXXXXXXXXXXXXXXXXX@developer.gserviceaccount.com",
    "client_id": "243714256753-g21p1XXXXXXXXXXXXXXXXXXXXXXXXXXX.apps.googleusercontent.com",
    "type": "service_account"
}

{
    "web": {
        "private_key_id": "77bee9dXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
        "private_key": "-----BEGIN PRIVATE KEY-----\nMIICdgI ... \u003d\u003d\n-----END PRIVATE KEY-----\n",
        "client_email": "243714256753-g21p1XXXXXXXXXXXXXXXXXXXXXXXXXXX@developer.gserviceaccount.com",
        "client_id": "243714256753-g21p1XXXXXXXXXXXXXXXXXXXXXXXXXXX.apps.googleusercontent.com",
        "type": "service_account"
    }
}
In exchangeCode(), GoogleAuthorizationCodeTokenRequest.execute() throws
com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request
{
    "error": "invalid_request",
    "error_description": "client_secret is missing."
}
1) ?
2) JWT, onUploadServerAuthCode?
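None of the three credential files shown in the question contains a client_secret, which is what the 400 response reports. The following is an added example, not the poster's code: a pre-flight check that classifies a credentials file before it is handed to GoogleAuthorizationCodeFlow. The class and method names are hypothetical, the sample JSON is constructed with placeholder values, and it assumes google-api-client and google-http-client-gson on the classpath and Java 15+ for text blocks.

```java
import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
import com.google.api.client.json.gson.GsonFactory;
import java.io.IOException;
import java.io.StringReader;

// Added example (hypothetical helper): fail fast on credentials that cannot redeem an auth code.
public class ClientSecretsCheck {

    // Returns null when the file is usable for a server-side code exchange, else the reason it is not.
    static String whyUnusable(String json) throws IOException {
        GoogleClientSecrets secrets = GoogleClientSecrets.load(
                GsonFactory.getDefaultInstance(), new StringReader(json));
        // A bare service account key has "type" at the top level and no "web"/"installed" section.
        if ("service_account".equals(secrets.get("type"))) {
            return "service account key, not an OAuth client: no client_secret to send";
        }
        GoogleClientSecrets.Details web = secrets.getWeb();
        if (web == null) {
            return secrets.getInstalled() != null
                    ? "\"installed\" client file, no \"web\" section"
                    : "neither \"web\" nor \"installed\" section present";
        }
        String secret = web.getClientSecret();
        if (web.getClientId() == null || secret == null || secret.isEmpty()) {
            // Same condition the token endpoint reports as "client_secret is missing."
            return "\"web\" section lacks client_id or client_secret";
        }
        return null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples mirroring the shapes in the question, plus one complete web client.
        String[] samples = {
            """
            {"installed": {"client_id": "EXAMPLE-installed.apps.googleusercontent.com"}}""",
            """
            {"type": "service_account", "client_id": "EXAMPLE-sa.apps.googleusercontent.com"}""",
            """
            {"web": {"type": "service_account", "client_id": "EXAMPLE-sa.apps.googleusercontent.com"}}""",
            """
            {"web": {"client_id": "EXAMPLE-web.apps.googleusercontent.com", "client_secret": "PLACEHOLDER"}}"""
        };
        for (String sample : samples) {
            String why = whyUnusable(sample);
            System.out.println(why == null ? "usable" : "unusable: " + why);
        }
    }
}
```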