Does Omniauth-google-oauth2 simply allow authentication, or does it also address API needs?
I'm having trouble understanding OAuth2 conceptually. I've read about the whole handshake process a hundred times. I can login to my app using a google account, but once that's done, I need to access Google's API (read data from a Google Spreadsheet on that same account that I logged into, and whom I included spreadsheets in the :scope as per the strategy readme).
Currently, I'm using Omniauth and the omniauth-google-oauth2 strategy; this works great; it pulls up Google's authentication/login screen, and when I get back to my callback link, I'm storing [omniauth][credentials][token].
What is the best way to then use that token to do API work with Google Docs?
Is this the right approach?
I think of Oauth2 as a "way to get the user's password to confirm their existence on my site".
So instead of your User model having a password column, in essence, it uses Google to say "this guy is cool".
Now, what does that have to do with API calls, you wonder... me too.
If I recall, there is a Refresh token that lasts for more than the 20 ms of authetication and will allow you to access their Google Docs, if Google's api allows you to do that.
Having said all that, If google needs their token, plus your API token to access their spreadsheet, I'd stick it into the session.
But if their API said to stick spreadsheet in the scope, then it must say something about how to use it all together too, no?
Google Spreadsheets Oauth 2.0 authentication piece is here, with a flow. Notice the part about refresh tokens. I'd look into that.
It says to store it somewhere, which I'd choose the session, or if you are totally paranoid a db column somewhere, but not sure if that is right either. Just spitballing here.
Turns out even the people helping out the Oauth 2.0 don't agree/get it conceptually either.
You may be able to find a gem that wraps the Google API to simplify your tasks.
The google-drive-ruby gem that @Galen mentions seems to work nicely with the google-oauth-2 provider:
Guessing you're already storing the token in the session in your callback handler, e.g.
auth = request.env["omniauth.auth"] session[:token] = auth["credentials"]["token"]
then you can use it to build a session and access the sheet:
require 'googleauth' session = GoogleDrive::Session.from_access_token(token) worksheet = session.spreadsheet_by_key(spreadsheet_id).worksheet_by_title(worksheet_name) ...etc
Hope this helps.