Credentials from OmniAuth?

[epugh]

Hi,

I haven't been able to successfully construct the credentials required to use the new google-api-ruby-client after logging in with OmniAuth. I saw this blog article: http://www.thegreatcodeadventure.com/using-the-google-api-ruby-client-with-google-calendar-api/ but they also had problems with the newer library.

Was wondering if there are any pointers to how to leverage the great Omniauth provider, but then use this client library?

[zquestz]

@epugh great question. I just played around in irb and figured out how to get it working. =)

require 'google/apis/calendar_v3'
require 'google/api_client/client_secrets.rb'
secrets = Google::APIClient::ClientSecrets.new({"web" => {"access_token" => "YOUR_ACCESS_TOKEN", "refresh_token" => "YOUR_REFRESH_TOKEN", "client_id" => "YOUR_CLIENT_ID", "client_secret" => "YOUR_CLIENT_SECRET"}})
cal = Google::Apis::CalendarV3::CalendarService.new
cal.authorization = secrets.to_authorization
cal.authorization.refresh!
cal.list_calendar_lists #profit!

Just make sure you have "calendar" listed in your initial scope when using omniauth-google-oauth2. I believe this should work with any of the Service objects included with the google-api-ruby-client gem.

Hope this helps.

[epugh]

@zquestz this definitely gives me fresh hope of cracking this nut!

I made the changes (I'm using Google Drive, not calendar), and I'm getting this error back, which I think may be related to my original Omniauth setup.

Error:

Authorization failed. Server message: { "error" : "invalid_request", "error_description" : "Required parameter is missing: grant_type" }

Omniauth setup:

Rails.application.config.middleware.use OmniAuth::Builder do

  provider :google_oauth2, Rails.application.secrets.google_client_id, Rails.application.secrets.google_client_secret,
    {
      :hd => "opensourceconnections.com",
      :prompt => "select_account",
      :image_aspect_ratio => "square",
      :image_size => 50,
      provider_ignores_state: true,
      :access_type => 'offline',
      :scope => 'userinfo.email, userinfo.profile,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/userinfo.profile',
      :skip_jwt => true

    }
end

[epugh]

Okay, so one thing I realized was that I had an older version of omniauth-google-oauth2. My gemfile is now:

gem "omniauth-google-oauth2",'~> 0.3.1'  
gem 'google-api-client', '~> 0.9'

and from my Gemfile.lock:

    oauth2 (1.2.0)
      faraday (>= 0.8, < 0.10)
      jwt (~> 1.0)
      multi_json (~> 1.3)
      multi_xml (~> 0.5)
      rack (>= 1.2, < 3)
    omniauth (1.3.1)
      hashie (>= 1.2, < 4)
      rack (>= 1.0, < 3)
    omniauth-google-oauth2 (0.3.1)
      jwt (~> 1.0)
      multi_json (~> 1.3)
      omniauth (>= 1.1.1)
      omniauth-oauth2 (>= 1.3.1)
    omniauth-oauth2 (1.4.0)
      oauth2 (~> 1.0)
      omniauth (~> 1.2)

However, still getting the grant_type error:

Signet::AuthorizationError (Authorization failed.  Server message:
{
  "error" : "invalid_request",
  "error_description" : "Required parameter is missing: grant_type"
}):

[dsims]

I was getting the missing: grant_type error because the newer version of signet (0.7.3) immediately attempts to refresh the token if expires_at is nil. I did not want it to refresh so I had to set expires_at to far in the future.
googleapis/signet#75
#75

[TomK32]

Can't this be added to the examples in the README? I've had the same problem and it took me quite some time to find this solution which works nicely for me.

[zquestz]

Let me know if you need anything from my end. =)

[danielwelsh]

This is my savior tonight. Very poor documentation on setting omni auth scope when requesting access. Thank you.

[raldred]

Just wanted to share where I've got to on this, at time of writing, this works.

I'm using the following to access gsuite admin directory SDK to get our staff phone numbers from the directory service.
All our staff are authed via omniauth on our hosted domain, with the following:

    provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'], {
      scope: ['email','profile','admin.directory.user.readonly'],
      hd: ENV['GOOGLE_HOSTED_DOMAIN']
    }

OmniAuthCallback

    service = Google::Apis::AdminDirectoryV1::DirectoryService.new
    service.client_options.application_name = ENV['GOOGLE_APP_NAME']

    authorization = Signet::OAuth2::Client.new(access_token: auth.credentials.token)
    authorization.expires_in = 1.week.from_now

    service.authorization = authorization

    user = service.get_user(auth.uid)
    user.phones.select { |phone| phone['type'] == 'mobile' }.first.try(:[], 'value')

Thanks to all those who've helped here and in other threads.
All google's docs assume you're using the googleauth gem however omniauth use is much more prevalent.

[benrudolph]

In case useful to others, I wrote up a blog post about this: https://medium.com/@_benrudolph/end-to-end-devise-omniauth-google-api-rails-7f432b38ed75

[dazuma]

Hi everyone,

Sorry for the long delay here. We're getting caught up on the issue backlog now, and will look into adding some relevant information to the documentation.

[Deekor]

Did this ever get documented?

[kirrg001]

FYI I have successfully replaced 'google/api_client/client_secrets' with signet.

 service.authorization = Signet::OAuth2::Client.new(
        access_token: token_object[:access_token],
        refresh_token: token_object[:refresh_token],
        client_id: ENV['GOOGLE_CLIENT_ID'],
        client_secret: ENV['GOOGLE_CLIENT_SECRET']
      )

[aandreassa]

I am consolidating some of these issues, and #367 was also created for tracking the documentation gap. Closing here in favor of the newer thread.