💾 Archived View for capsule.adrianhesketh.com › 2021 › 02 › 22 › google-oauth-token-cli captured on 2021-12-03 at 14:04:38. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

➡️ Next capture (2022-06-11)

-=-=-=-=-=-=-

capsule.adrianhesketh.com

home

Google OAuth token CLI tool

I've been setting up some APIs to use Google Authentication as the identity provider. The API needs to know the user's identity (well, just their email address), and that's it.

This requires getting a JWT out of Google's identity system. First, you have to set up an OAuth 2.0 client ID in the Google Cloud Console, and get the client ID and client secret out. [0]

[0]

view credentials

From the view credentials screen, create a new OAuth Client ID.

When I'm a bit further along with the project, I'll make a web-based UI, but for now, I'm just trying to test the API surface, so I created a "Desktop App".

create OAuth client

With this in place, I needed a way to get an authentication token out of the Google system so that I can send it to my APIs, so I wrote a CLI tool in Go to pop open the Google Authentication screen to do it.

It starts a local web server, and initiates the OAuth authentication on the Web:

choose account

The Google domain is instructed to redirect back to the locally running Web server after authentication.

complete

Once that's done, the token is exchanged and the tokens (Access Token, ID Token) are printed to the console.

% sh ./start.sh
Opening auth URL: https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=xxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A9999%2FCallback&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&state=de380ddc-f159-4c4c-b8a4-xxxxxxxxxxxxx

Access Token: Bearer ya29.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Authorization: xxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxx

The code is over at [1]

[1]

Run it with:

go run main.go -clientID=xxx-yyy.apps.googleusercontent.com -clientSecret=zzzzzzzzzzzzzzzz

More

Next

Setting up AppSync GraphQL subscriptions with TypeScript and CDK

Previous

AWS CLI - authenticating with SSO

Home

home