Does Omniauth-google-oauth2 simply allow authentication, or does it also address API needs?

I'm having trouble understanding OAuth2 conceptually. I've read about the whole handshake process a hundred times. I can log in to my app using a Google account, but once that's done, I need to access Google's API (read data from a Google Spreadsheet on that same account that I logged into, and for which I included spreadsheets in the :scope as per the strategy readme).

Currently, I'm using Omniauth and the omniauth-google-oauth2 strategy; this works great; it pulls up Google's authentication/login screen, and when I get back to my callback link, I'm storing [omniauth][credentials][token].

What is the best way to then use that token to do API work with Google Docs?

Is this the right approach?

Answers


I think of Oauth2 as a "way to get the user's password to confirm their existence on my site".

So instead of your User model having a password column, in essence, it uses Google to say "this guy is cool".

Now, what does that have to do with API calls, you wonder... me too.

If I recall, there is a Refresh token that lasts for more than the 20 ms of authentication and will allow you to access their Google Docs, if Google's API allows you to do that.

Having said all that, if Google needs their token, plus your API token to access their spreadsheet, I'd stick it into the session.

But if their API said to stick spreadsheet in the scope, then it must say something about how to use it all together too, no?

More Edits

Google Spreadsheets Oauth 2.0 authentication piece is here, with a flow. Notice the part about refresh tokens. I'd look into that.

It says to store it somewhere, which I'd choose the session, or if you are totally paranoid a db column somewhere, but not sure if that is right either. Just spitballing here.

Final Edit

Turns out even the people helping out the Oauth 2.0 don't agree/get it conceptually either.


You may be able to find a gem that wraps the Google API to simplify your tasks.

Here's one that works with Google Drive and spreadsheets.


The google-drive-ruby gem that @Galen mentions seems to work nicely with the google-oauth-2 provider:

Guessing you're already storing the token in the session in your callback handler, e.g.

  auth = request.env["omniauth.auth"]
  session[:token] = auth["credentials"]["token"]

then you can use it to build a session and access the sheet:

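  require 'google_drive'  # google-drive-ruby gem; provides GoogleDrive::Session

  # Use the access token stored by the callback handler; named drive_session
  # so it does not shadow the Rails session.
  drive_session = GoogleDrive::Session.from_access_token(session[:token])
  # spreadsheet_id and worksheet_name identify the sheet you want to read
  worksheet = drive_session.spreadsheet_by_key(spreadsheet_id).worksheet_by_title(worksheet_name)
  # ...etc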

Hope this helps.
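
The answers above mention storing the access token and looking into refresh tokens. The following added example (not part of the original answers or of any gem's own code) keeps the OmniAuth credentials together with their expiry and renews the access token at Google's token endpoint before an API call. The helper names, the sample hash and the injectable `post` parameter are assumptions made for illustration.

```ruby
require 'json'
require 'net/http'
require 'uri'

# Constructed sample of request.env["omniauth.auth"] (values are not real tokens).
SAMPLE_AUTH = {
  "credentials" => {
    "token"         => "constructed-access-token",
    "refresh_token" => "constructed-refresh-token",
    "expires_at"    => 1_700_003_600,
    "expires"       => true
  }
}.freeze

GOOGLE_TOKEN_URI = URI("https://oauth2.googleapis.com/token")

# Hypothetical helper: pick out what later API calls need from the callback hash.
def credentials_from_omniauth(auth)
  creds = auth.fetch("credentials")
  { access_token:  creds.fetch("token"),
    refresh_token: creds["refresh_token"], # nil if Google returned none
    expires_at:    creds["expires_at"] }   # Unix seconds
end

# True once the access token is within `skew` seconds of expiry.
def expired?(stored, now: Time.now.to_i, skew: 60)
  !stored[:expires_at].nil? && now >= stored[:expires_at] - skew
end

# Exchange the refresh token for a new access token (OAuth 2.0 refresh grant).
# `post` is injectable so the flow can be exercised without network access.
def refresh(stored, client_id:, client_secret:, now: Time.now.to_i,
            post: Net::HTTP.method(:post_form))
  raise ArgumentError, "no refresh token stored" if stored[:refresh_token].nil?
  form = { "grant_type"    => "refresh_token",
           "refresh_token" => stored[:refresh_token],
           "client_id"     => client_id,
           "client_secret" => client_secret }
  body = JSON.parse(post.call(GOOGLE_TOKEN_URI, form).body)
  raise "token refresh failed: #{body['error']}" unless body["access_token"]
  stored.merge(access_token: body["access_token"],
               expires_at:   now + body["expires_in"].to_i)
end

# Return credentials that can be handed to an API client right now.
def usable_credentials(stored, **opts)
  expired?(stored, now: opts.fetch(:now, Time.now.to_i)) ? refresh(stored, **opts) : stored
end
```

The `:access_token` from the returned hash is what would be passed to `GoogleDrive::Session.from_access_token`; the refresh token is long-lived and belongs in server-side storage, not in anything sent to the browser.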

