Tuesday, July 22, 2014

Google APIs: checking the scopes contained in an OAuth2 access token

When you've stored an OAuth2 access/refresh token pair for a long time, you may no longer be sure which scopes it grants access to.

In that case, just pass the access token to the tokeninfo endpoint:

https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=XXXXX

The output looks like this:

{
 "issued_to": "407408718192.apps.googleusercontent.com",
 "audience": "407408718192.apps.googleusercontent.com",
 "user_id": "1170123456778279183758",
 "scope": "https://www.googleapis.com/auth/userinfo.email",
 "expires_in": 3585,
 "email": "someone@yourdomain.com",
 "verified_email": true,
 "access_type": "offline"
}
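
Once you have that response, the useful check is whether the token belongs to your client and carries only the scopes you expect. The following is an added example, not code from the original post: the function names, the policy values and the second scope in the sample are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

TOKENINFO_URL = "https://www.googleapis.com/oauth2/v1/tokeninfo"  # endpoint from the post


def fetch_tokeninfo(access_token):
    """Query the tokeninfo endpoint; urlopen raises HTTPError on a non-2xx reply."""
    query = urllib.parse.urlencode({"access_token": access_token})
    with urllib.request.urlopen(TOKENINFO_URL + "?" + query, timeout=10) as resp:
        return json.load(resp)


def audit_tokeninfo(info, expected_client_id, allowed_scopes, min_ttl=60):
    """Return a list of findings; an empty list means the token matches policy."""
    findings = []
    # A token minted for another client must not be accepted as ours.
    if info.get("audience") != expected_client_id:
        findings.append("audience mismatch: %s" % info.get("audience"))
    granted = set(info.get("scope", "").split())  # scopes are space-separated
    if not granted:
        findings.append("no scopes granted")
    excess = granted - set(allowed_scopes)
    if excess:
        findings.append("unexpected scopes: " + " ".join(sorted(excess)))
    if int(info.get("expires_in", 0)) < min_ttl:
        findings.append("expires in under %d seconds" % min_ttl)
    return findings


# Constructed sample: the response from the post with a second scope added.
SAMPLE = {
    "issued_to": "407408718192.apps.googleusercontent.com",
    "audience": "407408718192.apps.googleusercontent.com",
    "scope": "https://www.googleapis.com/auth/userinfo.email "
             "https://www.googleapis.com/auth/drive",
    "expires_in": 3585,
}
# Hypothetical policy: our own client ID and the only scope we intend to hold.
POLICY_CLIENT_ID = "407408718192.apps.googleusercontent.com"
POLICY_SCOPES = {"https://www.googleapis.com/auth/userinfo.email"}

if __name__ == "__main__":
    for finding in audit_tokeninfo(SAMPLE, POLICY_CLIENT_ID, POLICY_SCOPES):
        print(finding)
```

For a stored token, call audit_tokeninfo(fetch_tokeninfo(token), ...) instead of using the sample.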

Of course, you can also do this with a library. In Java:

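// No credential is passed (the third argument is null).
Oauth2 oauth2 = new Oauth2.Builder(new NetHttpTransport(), new JacksonFactory(), null)
        .setApplicationName(ProbeClient.APPLICATION_NAME)
        .build();
// Returns a Tokeninfo object; getScope() holds the granted scopes, space-separated.
return oauth2.tokeninfo().setAccessToken(yourAccessToken).execute();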

You'll need the following dependency:

<dependency>
    <groupId>com.google.apis</groupId>
    <artifactId>google-api-services-oauth2</artifactId>
    <version>v1-rev76-1.18.0-rc</version>
</dependency>
